Vulnerabilities > CVE-2010-2761 - Code Injection vulnerability in Andy Armstrong Cgi-Simple and Cgi.Pm

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
andy-armstrong
CWE-94
nessus

Summary

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.

Vulnerable Configurations

Part Description Count
Application
Andy_Armstrong
174

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Nessus

  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0013.NASL
    descriptiona. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen2020-06-01
    modified2020-06-02
    plugin id61747
    published2012-08-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61747
    titleVMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0013. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61747);
      script_version("1.56");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110");
      script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);
      script_xref(name:"VMSA", value:"2012-0013");
    
      script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "a. vCenter and ESX update to JRE 1.6.0 Update 31
    
       The Oracle (Sun) JRE is updated to version 1.6.0_31, which
       addresses multiple security issues. Oracle has documented the
       CVE identifiers that are addressed by this update in the Oracle
       Java SE Critical Patch Update Advisory of February 2012.
    
    b. vCenter Update Manager update to JRE 1.5.0 Update 36
    
       The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple
       security issues.  Oracle has documented the CVE identifiers that
       are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical
       Patch Update Advisory for June 2012.
    
    c. Update to ESX/ESXi userworld OpenSSL library
    
       The ESX/ESXi userworld OpenSSL library is updated from version
       0.9.8p to version 0.9.8t to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-4180, CVE-2010-4252,
       CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,
       CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.
    
    d. Update to ESX service console OpenSSL RPM
    
       The service console OpenSSL RPM is updated to version
       0.9.8e-22.el5_8.3 to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-2110 to this issue.
    
    e. Update to ESX service console kernel
    
       The ESX service console kernel is updated to resolve multiple
       security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-1833, CVE-2011-2484,
       CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,
       CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,
       CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583
       to these issues.
    
    f. Update to ESX service console Perl RPM
    
       The ESX service console Perl RPM is updated to
       perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-2761, CVE-2010-4410, and
       CVE-2011-3597 to these issues.
    
    g. Update to ESX service console libxml2 RPMs
    
       The ESX service console libmxl2 RPMs are updated to
       libxml2-2.6.26-2.1.15.el5_8.2 and
       libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security
       issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0841 to this issue.
    
    h. Update to ESX service console glibc RPM
    
       The ESX service console glibc RPM is updated to version
       glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864
       to these issue.
    
    i. Update to ESX service console GnuTLS RPM
    
       The ESX service console GnuTLS RPM is updated to version
       1.4.1-7.el5_8.2 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-4128, CVE-2012-1569, and
       CVE-2012-1573 to these issues.
    
    j. Update to ESX service console popt, rpm, rpm-libs,
       and rpm-python RPMS
    
       The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS
       are updated to the following versions to resolve multiple
       security issues :
          - popt-1.10.2.3-28.el5_8
          - rpm-4.4.2.3-28.el5_8
          - rpm-libs-4.4.2.3-28.el5_8
          - rpm-python-4.4.2.3-28.el5_8
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0060, CVE-2012-0061, and
       CVE-2012-0815 to these issues.
    
    k. Vulnerability in third-party Apache Struts component
    
       The version of Apache Struts in vCenter Operations has been
       updated to 2.3.4 which addresses an arbitrary file overwrite
       vulnerability. This vulnerability allows an attacker to create
       a denial of service by overwriting arbitrary files without
       authentication. The attacker would need to be on the same network
       as the system where vCOps is installed.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org) has
       assigned the name CVE-2012-0393 to this issue.
    
       Note: Apache struts 2.3.4 addresses the following issues as well :
       CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It
       was found that these do not affect vCOps.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-08-30");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209401-SG",
        patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209402-SG",
        patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208101-SG",
        patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208102-SG",
        patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208103-SG",
        patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208104-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208105-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208106-SG",
        patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208107-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.1",
        patch         : "ESXi410-201208101-SG",
        patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56445
    published2011-10-11
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56445
    titleGLSA-201110-03 : Bugzilla: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-03.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56445);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4569", "CVE-2010-4570", "CVE-2010-4572", "CVE-2011-0046", "CVE-2011-0048", "CVE-2011-2379", "CVE-2011-2380", "CVE-2011-2381", "CVE-2011-2976", "CVE-2011-2977", "CVE-2011-2978", "CVE-2011-2979");
      script_bugtraq_id(44618, 45145, 45982, 49042);
      script_xref(name:"GLSA", value:"201110-03");
    
      script_name(english:"GLSA-201110-03 : Bugzilla: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-03
    (Bugzilla: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Bugzilla. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could conduct cross-site scripting attacks, conduct
          script insertion and spoofing attacks, hijack the authentication of
          arbitrary users, inject arbitrary HTTP headers, obtain access to
          arbitrary accounts, disclose the existence of confidential groups and its
          names, or inject arbitrary e-mail headers.
        A local attacker could disclose the contents of temporarfy files for
          uploaded attachments.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Bugzilla users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since August 27, 2011. It is likely that your system is already
          no longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bugzilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-apps/bugzilla", unaffected:make_list("ge 3.6.6"), vulnerable:make_list("lt 3.6.6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Bugzilla");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0558.NASL
    descriptionUpdated perl packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface (CGI) based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) It was found that certain Perl string manipulation functions (such as uc() and lc()) failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the affected functions to process tainted input. (CVE-2011-1487) These packages upgrade the CGI module to version 3.51. Refer to the CGI module
    last seen2020-06-01
    modified2020-06-02
    plugin id54593
    published2011-05-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/54593
    titleRHEL 6 : perl (RHSA-2011:0558)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:0558. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(54593);
      script_version ("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4410", "CVE-2010-4411", "CVE-2011-1487");
      script_bugtraq_id(45145, 47124);
      script_xref(name:"RHSA", value:"2011:0558");
    
      script_name(english:"RHEL 6 : perl (RHSA-2011:0558)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated perl packages that fix three security issues and several bugs
    are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and web programming. The Perl CGI module
    provides resources for preparing and processing Common Gateway
    Interface (CGI) based HTTP requests and responses.
    
    It was found that the Perl CGI module used a hard-coded value for the
    MIME boundary string in multipart/x-mixed-replace content. A remote
    attacker could possibly use this flaw to conduct an HTTP response
    splitting attack via a specially crafted HTTP request. (CVE-2010-2761)
    
    A CRLF injection flaw was found in the way the Perl CGI module
    processed a sequence of non-whitespace preceded by newline characters
    in the header. A remote attacker could use this flaw to conduct an
    HTTP response splitting attack via a specially crafted sequence of
    characters provided to the CGI module. (CVE-2010-4410)
    
    It was found that certain Perl string manipulation functions (such as
    uc() and lc()) failed to preserve the taint bit. A remote attacker
    could use this flaw to bypass the Perl taint mode protection mechanism
    in scripts that use the affected functions to process tainted input.
    (CVE-2011-1487)
    
    These packages upgrade the CGI module to version 3.51. Refer to the
    CGI module's Changes file, linked to in the References, for a full
    list of changes.
    
    This update also fixes the following bugs :
    
    * When using the 'threads' module, an attempt to send a signal to a
    thread that did not have a signal handler specified caused the perl
    interpreter to terminate unexpectedly with a segmentation fault. With
    this update, the 'threads' module has been updated to upstream version
    1.82, which fixes this bug. As a result, sending a signal to a thread
    that does not have the signal handler specified no longer causes perl
    to crash. (BZ#626330)
    
    * Prior to this update, the perl packages did not require the
    Digest::SHA module as a dependency. Consequent to this, when a user
    started the cpan command line interface and attempted to download a
    distribution from CPAN, they may have been presented with the
    following message :
    
    CPAN: checksum security checks disabled because Digest::SHA not
    installed. Please consider installing the Digest::SHA module.
    
    This update corrects the spec file for the perl package to require the
    perl-Digest-SHA package as a dependency, and cpan no longer displays
    the above message. (BZ#640716)
    
    * When using the 'threads' module, continual creation and destruction
    of threads could cause the Perl program to consume an increasing
    amount of memory. With this update, the underlying source code has
    been corrected to free the allocated memory when a thread is
    destroyed, and the continual creation and destruction of threads in
    Perl programs no longer leads to memory leaks. (BZ#640720)
    
    * Due to a packaging error, the perl packages did not include the
    'NDBM_File' module. This update corrects this error, and 'NDBM_File'
    is now included as expected. (BZ#640729)
    
    * Prior to this update, the prove(1) manual page and the 'prove
    --help' command listed '--fork' as a valid command line option.
    However, version 3.17 of the Test::Harness distribution removed the
    support for the fork-based parallel testing, and the prove utility
    thus no longer supports this option. This update corrects both the
    manual page and the output of the 'prove --help' command, so that
    '--fork' is no longer included in the list of available command line
    options. (BZ#609492)
    
    Users of Perl, especially those of Perl threads, are advised to
    upgrade to these updated packages, which correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-4410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.51/Changes"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:0558"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Extract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPANPLUS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Digest-SHA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-CBuilder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-MakeMaker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-ParseXS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-File-Fetch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IPC-Cmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Locale-Maketext-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-CoreList");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load-Conditional");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Loaded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Pluggable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Object-Accessor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Package-Constants");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Params-Check");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Parse-CPAN-Meta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Escapes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Term-UI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Test-Harness");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Test-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Time-HiRes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Time-Piece");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-parent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-version");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:0558";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-debuginfo-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-devel-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-libs-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-version-0.77-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-version-0.77-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-version-0.77-119.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0640.NASL
    descriptionUpdate to version 3.51, extending the fix for CVE-2010-2761. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51830
    published2011-02-01
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51830
    titleFedora 14 : perl-CGI-3.51-1.fc14 (2011-0640)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-0640.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51830);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_bugtraq_id(45145);
      script_xref(name:"FEDORA", value:"2011-0640");
    
      script_name(english:"Fedora 14 : perl-CGI-3.51-1.fc14 (2011-0640)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to version 3.51, extending the fix for CVE-2010-2761.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=657950"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053628.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6e8e6562"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"perl-CGI-3.51-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C8C927E5289111E08F2600151735203A.NASL
    descriptionA Bugzilla Security Advisory reports : This advisory covers three security issues that have recently been fixed in the Bugzilla code : - A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. - A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla. - If you put a harmful
    last seen2020-06-01
    modified2020-06-02
    plugin id51670
    published2011-01-26
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51670
    titleFreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51670);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2010-0048", "CVE-2010-2761", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4572", "CVE-2011-0046");
      script_bugtraq_id(25425);
    
      script_name(english:"FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A Bugzilla Security Advisory reports :
    
    This advisory covers three security issues that have recently been
    fixed in the Bugzilla code :
    
    - A weakness in Bugzilla could allow a user to gain unauthorized
    access to another Bugzilla account.
    
    - A weakness in the Perl CGI.pm module allows injecting HTTP headers
    and content to users via several pages in Bugzilla.
    
    - If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's
    'URL' field, then there are multiple situations in which Bugzilla will
    unintentionally make that link clickable.
    
    - Various pages lack protection against cross-site request forgeries.
    
    All affected installations are encouraged to upgrade as soon as
    possible."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=619594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621572"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=619588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=628034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621110"
      );
      # https://vuxml.freebsd.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4f3ca8a3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bugzilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"bugzilla>=2.14.*<3.6.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0653.NASL
    descriptionUpdate to 1.113 and apply additional patch to resolve CVE-2010-4410. Fix boundary to use randomized value as opposed to hard-coded value. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51823
    published2011-01-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51823
    titleFedora 14 : perl-CGI-Simple-1.113-1.fc14 (2011-0653)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-0653.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51823);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4410");
      script_bugtraq_id(45145);
      script_xref(name:"FEDORA", value:"2011-0653");
    
      script_name(english:"Fedora 14 : perl-CGI-Simple-1.113-1.fc14 (2011-0653)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.113 and apply additional patch to resolve CVE-2010-4410.
    
    Fix boundary to use randomized value as opposed to hard-coded value.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=658970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=658976"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f57fc28"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI-Simple package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-CGI-Simple");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"perl-CGI-Simple-1.113-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI-Simple");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0631.NASL
    descriptionUpdate to 1.113 and apply additional patch to resolve CVE-2010-4410. Fix boundary to use randomized value as opposed to hard-coded value. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51822
    published2011-01-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51822
    titleFedora 13 : perl-CGI-Simple-1.113-1.fc13 (2011-0631)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-0631.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51822);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4410");
      script_bugtraq_id(45145);
      script_xref(name:"FEDORA", value:"2011-0631");
    
      script_name(english:"Fedora 13 : perl-CGI-Simple-1.113-1.fc13 (2011-0631)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.113 and apply additional patch to resolve CVE-2010-4410.
    
    Fix boundary to use randomized value as opposed to hard-coded value.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=658970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=658976"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d4df5f4f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI-Simple package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-CGI-Simple");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"perl-CGI-Simple-1.113-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI-Simple");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0654.NASL
    descriptionUpdate to version 3.51, extending the fix for CVE-2010-2761. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51831
    published2011-02-01
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51831
    titleFedora 13 : perl-CGI-3.51-1.fc13 (2011-0654)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-0654.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51831);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_bugtraq_id(45145);
      script_xref(name:"FEDORA", value:"2011-0654");
    
      script_name(english:"Fedora 13 : perl-CGI-3.51-1.fc13 (2011-0654)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to version 3.51, extending the fix for CVE-2010-2761.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=657950"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053601.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0cdbf7fe"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"perl-CGI-3.51-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_PERL-CGI-SIMPLE-110107.NASL
    descriptionA HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75708
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75708
    titleopenSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update perl-CGI-Simple-3785.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75708);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172");
    
      script_name(english:"openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)");
      script_summary(english:"Check for the perl-CGI-Simple-3785 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A HTTP header injection attack was fixed in perl-CGI-Simple.
    CVE-2010-2761 has been assigned to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=657731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00009.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI-Simple package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-CGI-Simple");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"perl-CGI-Simple-1.112-7.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI-Simple");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111208_PERL_ON_SL4_X.NASL
    descriptionPerl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id61202
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61202
    titleScientific Linux Security Update : perl on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61202);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2011-3597");
    
      script_name(english:"Scientific Linux Security Update : perl on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Perl is a high-level programming language commonly used for system
    administration utilities and web programming.
    
    It was found that the 'new' constructor of the Digest module used its
    argument as part of the string expression passed to the eval()
    function. An attacker could possibly use this flaw to execute
    arbitrary Perl code with the privileges of a Perl program that uses
    untrusted input as an argument to the constructor. (CVE-2011-3597)
    
    It was found that the Perl CGI module used a hard-coded value for the
    MIME boundary string in multipart/x-mixed-replace content. A remote
    attacker could possibly use this flaw to conduct an HTTP response
    splitting attack via a specially crafted HTTP request. (CVE-2010-2761)
    
    A CRLF injection flaw was found in the way the Perl CGI module
    processed a sequence of non-whitespace preceded by newline characters
    in the header. A remote attacker could use this flaw to conduct an
    HTTP response splitting attack via a specially crafted sequence of
    characters provided to the CGI module. (CVE-2010-4410)
    
    All Perl users should upgrade to these updated packages, which contain
    backported patches to correct these issues. All running Perl programs
    must be restarted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=2385
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1bce9e6c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"perl-5.8.5-57.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"perl-debuginfo-5.8.5-57.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"perl-suidperl-5.8.5-57.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"perl-5.8.8-32.el5_7.6")) flag++;
    if (rpm_check(release:"SL5", reference:"perl-debuginfo-5.8.8-32.el5_7.6")) flag++;
    if (rpm_check(release:"SL5", reference:"perl-suidperl-5.8.8-32.el5_7.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id53789
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53789
    titleopenSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update perl-3806.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53789);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411");
    
      script_name(english:"openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)");
      script_summary(english:"Check for the perl-3806 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple header injection problems in the CGI module of perl have been
    fixed. They allowed to inject HTTP headers in responses.
    CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=657343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00027.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"perl-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"perl-base-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"perl-32bit-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"perl-base-32bit-5.10.0-72.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110519_PERL_ON_SL6_X.NASL
    descriptionPerl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface (CGI) based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) It was found that certain Perl string manipulation functions (such as uc() and lc()) failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the affected functions to process tainted input. (CVE-2011-1487) These packages upgrade the CGI module to version 3.51. Refer to the CGI module
    last seen2020-06-01
    modified2020-06-02
    plugin id61044
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61044
    titleScientific Linux Security Update : perl on SL6.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61044);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:19");
    
      script_cve_id("CVE-2011-1487");
    
      script_name(english:"Scientific Linux Security Update : perl on SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Perl is a high-level programming language commonly used for system
    administration utilities and web programming. The Perl CGI module
    provides resources for preparing and processing Common Gateway
    Interface (CGI) based HTTP requests and responses.
    
    It was found that the Perl CGI module used a hard-coded value for the
    MIME boundary string in multipart/x-mixed-replace content. A remote
    attacker could possibly use this flaw to conduct an HTTP response
    splitting attack via a specially crafted HTTP request. (CVE-2010-2761)
    
    A CRLF injection flaw was found in the way the Perl CGI module
    processed a sequence of non-whitespace preceded by newline characters
    in the header. A remote attacker could use this flaw to conduct an
    HTTP response splitting attack via a specially crafted sequence of
    characters provided to the CGI module. (CVE-2010-4410)
    
    It was found that certain Perl string manipulation functions (such as
    uc() and lc()) failed to preserve the taint bit. A remote attacker
    could use this flaw to bypass the Perl taint mode protection mechanism
    in scripts that use the affected functions to process tainted input.
    (CVE-2011-1487)
    
    These packages upgrade the CGI module to version 3.51. Refer to the
    CGI module's Changes file, linked to in the References, for a full
    list of changes.
    
    This update also fixes the following bugs :
    
      - When using the 'threads' module, an attempt to send a
        signal to a thread that did not have a signal handler
        specified caused the perl interpreter to terminate
        unexpectedly with a segmentation fault. With this
        update, the 'threads' module has been updated to
        upstream version 1.82, which fixes this bug. As a
        result, sending a signal to a thread that does not have
        the signal handler specified no longer causes perl to
        cras
    
      - Prior to this update, the perl packages did not require
        the Digest::SHA module as a dependency. Consequent to
        this, when a user started the cpan command line
        interface and attempted to download a distribution from
        CPAN, they may have been presented with the following
        message :
    
    CPAN: checksum security checks disabled because Digest::SHA not
    installed. Please consider installing the Digest::SHA module.
    
    This update corrects the spec file for the perl package to require the
    perl-Digest-SHA package as a dependency, and cpan no longer displays
    the above message.
    
      - When using the 'threads' module, continual creation and
        destruction of threads could cause the Perl program to
        consume an increasing amount of memory. With this
        update, the underlying source code has been corrected to
        free the allocated memory when a thread is destroyed,
        and the continual creation and destruction of threads in
        Perl programs no longer leads to memory leaks.
    
      - Due to a packaging error, the perl packages did not
        include the 'NDBM_File' module. This update corrects
        this error, and 'NDBM_File' is now included as expected.
    
      - Prior to this update, the prove(1) manual page and the
        'prove --help' command listed '--fork' as a valid
        command line option. However, version 3.17 of the
        Test::Harness distribution removed the support for the
        fork-based parallel testing, and the prove utility thus
        no longer supports this option. This update corrects
        both the manual page and the output of the 'prove
        --help' command, so that '--fork' is no longer included
        in the list of available command line options.
    
    Users of Perl, especially those of Perl threads, are advised to
    upgrade to these updated packages, which correct these issues."
      );
      # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=1885
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f2b00d4"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"perl-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-CGI-3.51-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-CPAN-1.9402-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
    # Releases for this package decremented from 2.023 to 2.020 once the true
    # fix was implemented. Both 2.023 and fixed 2.020 packages exist for
    # SL 6.0 and SL 6.1. To avoid false positives we will skip checking this
    # ancillary package.
    #if (rpm_check(release:"SL6", reference:"perl-Compress-Raw-Zlib-2.023-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Log-Message-0.02-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-Load-0.16-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Params-Check-0.26-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Term-UI-0.20-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-core-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-debuginfo-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-devel-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-libs-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-parent-0.221-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perl-version-0.77-119.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen2020-06-01
    modified2020-06-02
    plugin id89038
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89038
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89038);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/24 15:02:54");
    
      script_cve_id(
        "CVE-2009-5029",
        "CVE-2009-5064",
        "CVE-2010-0830",
        "CVE-2010-2761",
        "CVE-2010-4180",
        "CVE-2010-4252",
        "CVE-2010-4410",
        "CVE-2011-0014",
        "CVE-2011-1020",
        "CVE-2011-1089",
        "CVE-2011-1833",
        "CVE-2011-2484",
        "CVE-2011-2496",
        "CVE-2011-2699",
        "CVE-2011-3188",
        "CVE-2011-3209",
        "CVE-2011-3363",
        "CVE-2011-3597",
        "CVE-2011-4108",
        "CVE-2011-4109",
        "CVE-2011-4110",
        "CVE-2011-4128",
        "CVE-2011-4132",
        "CVE-2011-4324",
        "CVE-2011-4325",
        "CVE-2011-4576",
        "CVE-2011-4577",
        "CVE-2011-4609",
        "CVE-2011-4619",
        "CVE-2012-0050",
        "CVE-2012-0060",
        "CVE-2012-0061",
        "CVE-2012-0207",
        "CVE-2012-0393",
        "CVE-2012-0815",
        "CVE-2012-0841",
        "CVE-2012-0864",
        "CVE-2012-1569",
        "CVE-2012-1573",
        "CVE-2012-1583",
        "CVE-2012-2110"
      );
      script_bugtraq_id(
        40063,
        44199,
        45145,
        45163,
        45164,
        46264,
        46567,
        46740,
        47321,
        48383,
        48802,
        49108,
        49289,
        49626,
        49911,
        50311,
        50609,
        50663,
        50755,
        50798,
        50898,
        51194,
        51257,
        51281,
        51343,
        51366,
        51439,
        51467,
        51563,
        52009,
        52010,
        52011,
        52012,
        52013,
        52014,
        52015,
        52016,
        52017,
        52018,
        52019,
        52020,
        52107,
        52161,
        52201,
        52667,
        52668,
        52865,
        53136,
        53139,
        53158,
        53946,
        53947,
        53948,
        53949,
        53950,
        53951,
        53952,
        53953,
        53954,
        53956,
        53958,
        53959,
        53960
      );
      script_xref(name:"VMSA", value:"2012-0013");
    
      script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several third-party
    libraries :
    
      - Apache Struts
      - glibc
      - GnuTLS
      - JRE
      - kernel
      - libxml2
      - OpenSSL
      - Perl
      - popt and rpm");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2012-0013.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /
    4.1 / 5.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Misc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("Host/VMware/version");
    release = get_kb_item_or_exit("Host/VMware/release");
    port    = get_kb_item_or_exit("Host/VMware/vsphere");
    
    # Version + build map
    # https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508
    fixes = make_array();
    fixes["ESX 4.0"]  = 787047;
    fixes["ESX 4.1"]  = 800380; # Full patch    -- 811144 is security-fix only
    fixes["ESXi 4.1"] = 800380; # Full patch    -- 811144 is security-fix only
    fixes["ESXi 5.0"] = 912577; # Security-only -- 914586 is full patch
    
    # Extra fixes to report
    extra_fixes = make_array();
    extra_fixes["ESX 4.1"]  = 811144;
    extra_fixes["ESXi 4.1"] = 811144;
    extra_fixes["ESXi 5.0"] = 914586;
    
    matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);
    if (empty_or_null(matches))
      exit(1, 'Failed to extract the ESX / ESXi build number.');
    
    type  = matches[1];
    build = int(matches[2]);
    
    fixed_build = fixes[version];
    
    if (!isnull(fixed_build) && build < fixed_build)
    {
      if (!empty_or_null(extra_fixes[version])) fixed_build += " / " + extra_fixes[version];
     
      padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment
     
      report = '\n  ' + type + ' version' + padding + ': ' + version +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fixed_build +
               '\n';
    
      security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_141552-04.NASL
    descriptionSunOS 5.10: Apache 2 mod_perl Perl cgi pat. Date this patch was last updated by Sun : Apr/20/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107527
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107527
    titleSolaris 10 (sparc) : 141552-04
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(107527);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4411");
    
      script_name(english:"Solaris 10 (sparc) : 141552-04");
      script_summary(english:"Check for patch 141552-04");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 141552-04"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10: Apache 2 mod_perl Perl cgi pat.
    Date this patch was last updated by Sun : Apr/20/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/141552-04"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 141552-04");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122239");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138322");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:141552");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"141552-04", obsoleted_by:"146032-03 148561-04 ", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"141552-04", obsoleted_by:"146032-03 148561-04 ", package:"SUNWperl584usr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWperl584core / SUNWperl584usr");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1129-1.NASL
    descriptionIt was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411) It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410) It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55090
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55090
    titleUbuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_PERL-CGI-SIMPLE-110107.NASL
    descriptionA HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id53790
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53790
    titleopenSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PERL-7316.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. - have been assigned to this issue. (CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411)
    last seen2020-06-01
    modified2020-06-02
    plugin id51641
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51641
    titleSuSE 10 Security Update : Perl (ZYPP Patch Number 7316)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id51630
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51630
    titleSuSE 11.1 Security Update : perl (SAT Patch Number 3804)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75705
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75705
    titleopenSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0755.NASL
    descriptionSome serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51856
    published2011-02-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51856
    titleFedora 13 : bugzilla-3.4.10-1.fc13 (2011-0755)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0741.NASL
    descriptionSome serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51855
    published2011-02-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51855
    titleFedora 14 : bugzilla-3.6.4-1.fc14 (2011-0741)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_141553-04.NASL
    descriptionSunOS 5.10_x86: Apache 2 mod_perl Perl cgi. Date this patch was last updated by Sun : Apr/20/11
    last seen2020-06-01
    modified2020-06-02
    plugin id108026
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108026
    titleSolaris 10 (x86) : 141553-04
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-008.NASL
    descriptionA vulnerability has been found and corrected in perl-CGI : Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761 (CVE-2010-4411). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the latest version (3.51) which is not affected by this issue and in turn also brings many bugfixes.
    last seen2020-06-01
    modified2020-06-02
    plugin id51800
    published2011-01-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51800
    titleMandriva Linux Security Advisory : perl-CGI (MDVSA-2011:008)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1797.NASL
    descriptionUpdated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id57068
    published2011-12-12
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57068
    titleCentOS 4 / 5 : perl (CESA-2011:1797)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1797.NASL
    descriptionFrom Red Hat Security Advisory 2011:1797 : Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id68402
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68402
    titleOracle Linux 4 / 5 : perl (ELSA-2011-1797)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-237.NASL
    descriptionA new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla (these two security bugs where first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself). The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hard-coded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172 (CVE-2010-2761). CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been upgraded to perl-CGI 3.50 to solve these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50609
    published2010-11-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50609
    titleMandriva Linux Security Advisory : perl-CGI (MDVSA-2010:237)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1797.NASL
    descriptionUpdated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id57053
    published2011-12-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57053
    titleRHEL 4 / 5 : perl (RHSA-2011:1797)

Redhat

advisories
rhsa
idRHSA-2011:1797
rpms
  • perl-4:5.10.1-119.el6
  • perl-Archive-Extract-1:0.38-119.el6
  • perl-Archive-Tar-0:1.58-119.el6
  • perl-CGI-0:3.51-119.el6
  • perl-CPAN-0:1.9402-119.el6
  • perl-CPANPLUS-0:0.88-119.el6
  • perl-Compress-Raw-Zlib-0:2.023-119.el6
  • perl-Compress-Zlib-0:2.020-119.el6
  • perl-Digest-SHA-1:5.47-119.el6
  • perl-ExtUtils-CBuilder-1:0.27-119.el6
  • perl-ExtUtils-Embed-0:1.28-119.el6
  • perl-ExtUtils-MakeMaker-0:6.55-119.el6
  • perl-ExtUtils-ParseXS-1:2.2003.0-119.el6
  • perl-File-Fetch-0:0.26-119.el6
  • perl-IO-Compress-Base-0:2.020-119.el6
  • perl-IO-Compress-Zlib-0:2.020-119.el6
  • perl-IO-Zlib-1:1.09-119.el6
  • perl-IPC-Cmd-1:0.56-119.el6
  • perl-Locale-Maketext-Simple-1:0.18-119.el6
  • perl-Log-Message-1:0.02-119.el6
  • perl-Log-Message-Simple-0:0.04-119.el6
  • perl-Module-Build-1:0.3500-119.el6
  • perl-Module-CoreList-0:2.18-119.el6
  • perl-Module-Load-1:0.16-119.el6
  • perl-Module-Load-Conditional-0:0.30-119.el6
  • perl-Module-Loaded-1:0.02-119.el6
  • perl-Module-Pluggable-1:3.90-119.el6
  • perl-Object-Accessor-1:0.34-119.el6
  • perl-Package-Constants-1:0.02-119.el6
  • perl-Params-Check-1:0.26-119.el6
  • perl-Parse-CPAN-Meta-1:1.40-119.el6
  • perl-Pod-Escapes-1:1.04-119.el6
  • perl-Pod-Simple-1:3.13-119.el6
  • perl-Term-UI-0:0.20-119.el6
  • perl-Test-Harness-0:3.17-119.el6
  • perl-Test-Simple-0:0.92-119.el6
  • perl-Time-HiRes-4:1.9721-119.el6
  • perl-Time-Piece-0:1.15-119.el6
  • perl-core-0:5.10.1-119.el6
  • perl-debuginfo-4:5.10.1-119.el6
  • perl-devel-4:5.10.1-119.el6
  • perl-libs-4:5.10.1-119.el6
  • perl-parent-1:0.221-119.el6
  • perl-suidperl-4:5.10.1-119.el6
  • perl-version-3:0.77-119.el6
  • perl-3:5.8.5-57.el4
  • perl-4:5.8.8-32.el5_7.6
  • perl-debuginfo-3:5.8.5-57.el4
  • perl-debuginfo-4:5.8.8-32.el5_7.6
  • perl-suidperl-3:5.8.5-57.el4
  • perl-suidperl-4:5.8.8-32.el5_7.6

References