Vulnerabilities > CVE-2010-4411 - Unspecified vulnerability in Andy Armstrong Cgi.Pm

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
andy-armstrong
nessus

Summary

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

Vulnerable Configurations

Part Description Count
Application
Andy_Armstrong
154

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-03 (Bugzilla: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56445
    published2011-10-11
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56445
    titleGLSA-201110-03 : Bugzilla: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-03.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56445);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172", "CVE-2010-3764", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4569", "CVE-2010-4570", "CVE-2010-4572", "CVE-2011-0046", "CVE-2011-0048", "CVE-2011-2379", "CVE-2011-2380", "CVE-2011-2381", "CVE-2011-2976", "CVE-2011-2977", "CVE-2011-2978", "CVE-2011-2979");
      script_bugtraq_id(44618, 45145, 45982, 49042);
      script_xref(name:"GLSA", value:"201110-03");
    
      script_name(english:"GLSA-201110-03 : Bugzilla: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-03
    (Bugzilla: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Bugzilla. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could conduct cross-site scripting attacks, conduct
          script insertion and spoofing attacks, hijack the authentication of
          arbitrary users, inject arbitrary HTTP headers, obtain access to
          arbitrary accounts, disclose the existence of confidential groups and its
          names, or inject arbitrary e-mail headers.
        A local attacker could disclose the contents of temporarfy files for
          uploaded attachments.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Bugzilla users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since August 27, 2011. It is likely that your system is already
          no longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bugzilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-apps/bugzilla", unaffected:make_list("ge 3.6.6"), vulnerable:make_list("lt 3.6.6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Bugzilla");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0558.NASL
    descriptionUpdated perl packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface (CGI) based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2010-2761) A CRLF injection flaw was found in the way the Perl CGI module processed a sequence of non-whitespace preceded by newline characters in the header. A remote attacker could use this flaw to conduct an HTTP response splitting attack via a specially crafted sequence of characters provided to the CGI module. (CVE-2010-4410) It was found that certain Perl string manipulation functions (such as uc() and lc()) failed to preserve the taint bit. A remote attacker could use this flaw to bypass the Perl taint mode protection mechanism in scripts that use the affected functions to process tainted input. (CVE-2011-1487) These packages upgrade the CGI module to version 3.51. Refer to the CGI module
    last seen2020-06-01
    modified2020-06-02
    plugin id54593
    published2011-05-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/54593
    titleRHEL 6 : perl (RHSA-2011:0558)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:0558. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(54593);
      script_version ("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4410", "CVE-2010-4411", "CVE-2011-1487");
      script_bugtraq_id(45145, 47124);
      script_xref(name:"RHSA", value:"2011:0558");
    
      script_name(english:"RHEL 6 : perl (RHSA-2011:0558)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated perl packages that fix three security issues and several bugs
    are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and web programming. The Perl CGI module
    provides resources for preparing and processing Common Gateway
    Interface (CGI) based HTTP requests and responses.
    
    It was found that the Perl CGI module used a hard-coded value for the
    MIME boundary string in multipart/x-mixed-replace content. A remote
    attacker could possibly use this flaw to conduct an HTTP response
    splitting attack via a specially crafted HTTP request. (CVE-2010-2761)
    
    A CRLF injection flaw was found in the way the Perl CGI module
    processed a sequence of non-whitespace preceded by newline characters
    in the header. A remote attacker could use this flaw to conduct an
    HTTP response splitting attack via a specially crafted sequence of
    characters provided to the CGI module. (CVE-2010-4410)
    
    It was found that certain Perl string manipulation functions (such as
    uc() and lc()) failed to preserve the taint bit. A remote attacker
    could use this flaw to bypass the Perl taint mode protection mechanism
    in scripts that use the affected functions to process tainted input.
    (CVE-2011-1487)
    
    These packages upgrade the CGI module to version 3.51. Refer to the
    CGI module's Changes file, linked to in the References, for a full
    list of changes.
    
    This update also fixes the following bugs :
    
    * When using the 'threads' module, an attempt to send a signal to a
    thread that did not have a signal handler specified caused the perl
    interpreter to terminate unexpectedly with a segmentation fault. With
    this update, the 'threads' module has been updated to upstream version
    1.82, which fixes this bug. As a result, sending a signal to a thread
    that does not have the signal handler specified no longer causes perl
    to crash. (BZ#626330)
    
    * Prior to this update, the perl packages did not require the
    Digest::SHA module as a dependency. Consequent to this, when a user
    started the cpan command line interface and attempted to download a
    distribution from CPAN, they may have been presented with the
    following message :
    
    CPAN: checksum security checks disabled because Digest::SHA not
    installed. Please consider installing the Digest::SHA module.
    
    This update corrects the spec file for the perl package to require the
    perl-Digest-SHA package as a dependency, and cpan no longer displays
    the above message. (BZ#640716)
    
    * When using the 'threads' module, continual creation and destruction
    of threads could cause the Perl program to consume an increasing
    amount of memory. With this update, the underlying source code has
    been corrected to free the allocated memory when a thread is
    destroyed, and the continual creation and destruction of threads in
    Perl programs no longer leads to memory leaks. (BZ#640720)
    
    * Due to a packaging error, the perl packages did not include the
    'NDBM_File' module. This update corrects this error, and 'NDBM_File'
    is now included as expected. (BZ#640729)
    
    * Prior to this update, the prove(1) manual page and the 'prove
    --help' command listed '--fork' as a valid command line option.
    However, version 3.17 of the Test::Harness distribution removed the
    support for the fork-based parallel testing, and the prove utility
    thus no longer supports this option. This update corrects both the
    manual page and the output of the 'prove --help' command, so that
    '--fork' is no longer included in the list of available command line
    options. (BZ#609492)
    
    Users of Perl, especially those of Perl threads, are advised to
    upgrade to these updated packages, which correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-4410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.51/Changes"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:0558"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Extract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPANPLUS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Digest-SHA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-CBuilder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-MakeMaker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-ParseXS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-File-Fetch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IPC-Cmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Locale-Maketext-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-CoreList");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load-Conditional");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Loaded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Pluggable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Object-Accessor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Package-Constants");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Params-Check");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Parse-CPAN-Meta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Escapes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Term-UI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Test-Harness");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Test-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Time-HiRes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Time-Piece");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-parent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-version");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:0558";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Archive-Extract-0.38-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Archive-Tar-1.58-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CGI-3.51-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CPAN-1.9402-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-CPANPLUS-0.88-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Digest-SHA-5.47-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-CBuilder-0.27-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-Embed-1.28-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-MakeMaker-6.55-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-ExtUtils-ParseXS-2.2003.0-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-File-Fetch-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Compress-Base-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Compress-Zlib-2.020-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IO-Zlib-1.09-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-IPC-Cmd-0.56-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Locale-Maketext-Simple-0.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Log-Message-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Log-Message-Simple-0.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Build-0.3500-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-CoreList-2.18-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Load-0.16-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Load-Conditional-0.30-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Loaded-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Module-Pluggable-3.90-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Object-Accessor-0.34-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Package-Constants-0.02-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Params-Check-0.26-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Parse-CPAN-Meta-1.40-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Pod-Escapes-1.04-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Pod-Simple-3.13-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Term-UI-0.20-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Test-Harness-3.17-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Test-Simple-0.92-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Time-HiRes-1.9721-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-Time-Piece-1.15-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-core-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-debuginfo-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-devel-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"perl-libs-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-parent-0.221-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-suidperl-5.10.1-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perl-version-0.77-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perl-version-0.77-119.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perl-version-0.77-119.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc");
      }
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C8C927E5289111E08F2600151735203A.NASL
    descriptionA Bugzilla Security Advisory reports : This advisory covers three security issues that have recently been fixed in the Bugzilla code : - A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. - A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla. - If you put a harmful
    last seen2020-06-01
    modified2020-06-02
    plugin id51670
    published2011-01-26
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51670
    titleFreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51670);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2010-0048", "CVE-2010-2761", "CVE-2010-4411", "CVE-2010-4567", "CVE-2010-4568", "CVE-2010-4572", "CVE-2011-0046");
      script_bugtraq_id(25425);
    
      script_name(english:"FreeBSD : bugzilla -- multiple serious vulnerabilities (c8c927e5-2891-11e0-8f26-00151735203a)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A Bugzilla Security Advisory reports :
    
    This advisory covers three security issues that have recently been
    fixed in the Bugzilla code :
    
    - A weakness in Bugzilla could allow a user to gain unauthorized
    access to another Bugzilla account.
    
    - A weakness in the Perl CGI.pm module allows injecting HTTP headers
    and content to users via several pages in Bugzilla.
    
    - If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's
    'URL' field, then there are multiple situations in which Bugzilla will
    unintentionally make that link clickable.
    
    - Various pages lack protection against cross-site request forgeries.
    
    All affected installations are encouraged to upgrade as soon as
    possible."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=619594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=591165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621572"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=619588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=628034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=621110"
      );
      # https://vuxml.freebsd.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4f3ca8a3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bugzilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"bugzilla>=2.14.*<3.6.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id53789
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53789
    titleopenSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update perl-3806.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53789);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-3172", "CVE-2010-4410", "CVE-2010-4411");
    
      script_name(english:"openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)");
      script_summary(english:"Check for the perl-3806 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple header injection problems in the CGI module of perl have been
    fixed. They allowed to inject HTTP headers in responses.
    CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=657343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00027.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"perl-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"perl-base-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"perl-32bit-5.10.0-72.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"perl-base-32bit-5.10.0-72.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_141552-04.NASL
    descriptionSunOS 5.10: Apache 2 mod_perl Perl cgi pat. Date this patch was last updated by Sun : Apr/20/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107527
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107527
    titleSolaris 10 (sparc) : 141552-04
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(107527);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      script_cve_id("CVE-2010-2761", "CVE-2010-4411");
    
      script_name(english:"Solaris 10 (sparc) : 141552-04");
      script_summary(english:"Check for patch 141552-04");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 141552-04"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10: Apache 2 mod_perl Perl cgi pat.
    Date this patch was last updated by Sun : Apr/20/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/141552-04"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 141552-04");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122239");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138322");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:141552");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"141552-04", obsoleted_by:"146032-03 148561-04 ", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"141552-04", obsoleted_by:"146032-03 148561-04 ", package:"SUNWperl584usr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWperl584core / SUNWperl584usr");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_PERL-CGI-SIMPLE-110127.NASL
    descriptionThe following vulnerabilities have been fixed in perl-CGI-Simple: CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf injection
    last seen2020-06-01
    modified2020-06-02
    plugin id75709
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75709
    titleopenSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0083-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update perl-CGI-Simple-3872.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75709);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2010-4410", "CVE-2010-4411");
    
      script_name(english:"openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0083-1)");
      script_summary(english:"Check for the perl-CGI-Simple-3872 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following vulnerabilities have been fixed in perl-CGI-Simple:
    CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf
    injection"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=663396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00032.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl-CGI-Simple package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-CGI-Simple");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"perl-CGI-Simple-1.113-0.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-CGI-Simple");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1129-1.NASL
    descriptionIt was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411) It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410) It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55090
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55090
    titleUbuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_PERL-CGI-SIMPLE-110127.NASL
    descriptionThe following vulnerabilities have been fixed in perl-CGI-Simple: CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf injection
    last seen2020-06-01
    modified2020-06-02
    plugin id53791
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53791
    titleopenSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0083-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PERL-7316.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. - have been assigned to this issue. (CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411)
    last seen2020-06-01
    modified2020-06-02
    plugin id51641
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51641
    titleSuSE 10 Security Update : Perl (ZYPP Patch Number 7316)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761 / CVE-2010-4410 / CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id51630
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51630
    titleSuSE 11.1 Security Update : perl (SAT Patch Number 3804)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_PERL-110112.NASL
    descriptionMultiple header injection problems in the CGI module of perl have been fixed. They allowed to inject HTTP headers in responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75705
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75705
    titleopenSUSE Security Update : perl (openSUSE-SU-2011:0064-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0755.NASL
    descriptionSome serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51856
    published2011-02-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51856
    titleFedora 13 : bugzilla-3.4.10-1.fc13 (2011-0755)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0741.NASL
    descriptionSome serious security issues were discovered in Bugzilla and have been fixed in 3.4.10 and 3.6.4. See http://www.bugzilla.org/security/3.2.9/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51855
    published2011-02-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51855
    titleFedora 14 : bugzilla-3.6.4-1.fc14 (2011-0741)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_141553-04.NASL
    descriptionSunOS 5.10_x86: Apache 2 mod_perl Perl cgi. Date this patch was last updated by Sun : Apr/20/11
    last seen2020-06-01
    modified2020-06-02
    plugin id108026
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108026
    titleSolaris 10 (x86) : 141553-04
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-008.NASL
    descriptionA vulnerability has been found and corrected in perl-CGI : Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761 (CVE-2010-4411). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the latest version (3.51) which is not affected by this issue and in turn also brings many bugfixes.
    last seen2020-06-01
    modified2020-06-02
    plugin id51800
    published2011-01-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51800
    titleMandriva Linux Security Advisory : perl-CGI (MDVSA-2011:008)