Vulnerabilities > CVE-2011-0990 - Race Condition vulnerability in multiple products

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mono
novell
CWE-362
nessus
NVD
Published: 2011-04-13
Updated: 2017-08-17

Summary

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

Vulnerable Configurations

Part Description Count
Application
Mono
1
Application
Novell
6

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBMOON-DEVEL-110406.NASL
    descriptionMoonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization
    last seen2020-06-01
    modified2020-06-02
    plugin id75588
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75588
    titleopenSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libmoon-devel-4318.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75588);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992");

  script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)");
  script_summary(english:"Check for the libmoon-devel-4318 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Moonlight was prone to several security problems :

CVE-2011-0989: modification of read-only values via
RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to
race condition in in Array.FastCopy CVE-2011-0991: use-after-free due
to DynamicMethod resurrection CVE-2011-0992: information leak due to
improper thread finalization"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=667077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libmoon-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"libmoon-devel-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libmoon0-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-devel-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-plugin-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-tools-2.4.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-web-devel-2.4.1-0.2.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBMOON-DEVEL-110406.NASL
    descriptionMoonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization
    last seen2020-06-01
    modified2020-06-02
    plugin id75903
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75903
    titleopenSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libmoon-devel-4318.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75903);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:42");

  script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992");

  script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)");
  script_summary(english:"Check for the libmoon-devel-4318 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Moonlight was prone to several security problems :

CVE-2011-0989: modification of read-only values via
RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to
race condition in in Array.FastCopy CVE-2011-0991: use-after-free due
to DynamicMethod resurrection CVE-2011-0992: information leak due to
improper thread finalization"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=667077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libmoon-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"libmoon-devel-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-debuginfo-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-debugsource-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-devel-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-debuginfo-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-tools-2.4.1-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"moonlight-web-devel-2.4.1-0.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc");
}
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59651
    published2012-06-22
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59651
    titleGLSA-201206-13 : Mono: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201206-13.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(59651);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2009-0217", "CVE-2010-3332", "CVE-2010-3369", "CVE-2010-4159", "CVE-2010-4225", "CVE-2010-4254", "CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992");
  script_bugtraq_id(35671, 43316, 44351, 44810, 45051, 45711, 47208);
  script_xref(name:"GLSA", value:"201206-13");

  script_name(english:"GLSA-201206-13 : Mono: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201206-13
(Mono: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mono and Mono debugger.
      Please review the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could execute arbitrary code, bypass general
      constraints, obtain the source code for .aspx applications, obtain other
      sensitive information, cause a Denial of Service, modify internal data
      structures, or corrupt the internal state of the security manager.
    A local attacker could entice a user into running Mono debugger in a
      directory containing a specially crafted library file to execute
      arbitrary code with the privileges of the user running Mono debugger.
    A context-dependent attacker could bypass the authentication mechanism
      provided by the XML Signature specification.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201206-13"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Mono debugger users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-util/mono-debugger-2.8.1-r1'
    All Mono users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-lang/mono-2.10.2-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono-debugger");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-lang/mono", unaffected:make_list("ge 2.10.2-r1"), vulnerable:make_list("lt 2.10.2-r1"))) flag++;
if (qpkg_check(package:"dev-util/mono-debugger", unaffected:make_list("ge 2.8.1-r1"), vulnerable:make_list("lt 2.8.1-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mono");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMOON-DEVEL-110329.NASL
    descriptionMoonlight was prone to several security problems : - modification of read-only values via RuntimeHelpers.InitializeArray. (CVE-2011-0989) - buffer overflow due to race condition in in Array.FastCopy. (CVE-2011-0990) - use-after-free due to DynamicMethod resurrection. (CVE-2011-0991) - information leak due to improper thread finalization These issues have been fixed. (CVE-2011-0992)
    last seen2020-06-01
    modified2020-06-02
    plugin id53314
    published2011-04-07
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53314
    titleSuSE 11.1 Security Update : moonlight (SAT Patch Number 4246)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(53314);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:42");

  script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992");

  script_name(english:"SuSE 11.1 Security Update : moonlight (SAT Patch Number 4246)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Moonlight was prone to several security problems :

  - modification of read-only values via
    RuntimeHelpers.InitializeArray. (CVE-2011-0989)

  - buffer overflow due to race condition in in
    Array.FastCopy. (CVE-2011-0990)

  - use-after-free due to DynamicMethod resurrection.
    (CVE-2011-0991)

  - information leak due to improper thread finalization
    These issues have been fixed. (CVE-2011-0992)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=667077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-0989.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-0990.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-0991.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-0992.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4246.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmoon0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");


flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libmoon0-2.4.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-tools-2.4.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libmoon0-2.4.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-tools-2.4.1-0.5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References