Vulnerabilities > CVE-2011-0991 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBMOON-DEVEL-110406.NASL description Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization last seen 2020-06-01 modified 2020-06-02 plugin id 75588 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75588 title openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libmoon-devel-4318. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75588); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)"); script_summary(english:"Check for the libmoon-devel-4318 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libmoon-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"libmoon-devel-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"libmoon0-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-devel-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-plugin-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-tools-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-web-devel-2.4.1-0.2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBMOON-DEVEL-110406.NASL description Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization last seen 2020-06-01 modified 2020-06-02 plugin id 75903 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75903 title openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libmoon-devel-4318. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75903); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)"); script_summary(english:"Check for the libmoon-devel-4318 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libmoon-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libmoon-devel-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-debuginfo-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-debugsource-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-devel-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-debuginfo-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-tools-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-web-devel-2.4.1-0.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-13.NASL description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59651 published 2012-06-22 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59651 title GLSA-201206-13 : Mono: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-13. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59651); script_version("1.9"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2009-0217", "CVE-2010-3332", "CVE-2010-3369", "CVE-2010-4159", "CVE-2010-4225", "CVE-2010-4254", "CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_bugtraq_id(35671, 43316, 44351, 44810, 45051, 45711, 47208); script_xref(name:"GLSA", value:"201206-13"); script_name(english:"GLSA-201206-13 : Mono: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-13" ); script_set_attribute( attribute:"solution", value: "All Mono debugger users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/mono-debugger-2.8.1-r1' All Mono users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/mono-2.10.2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono-debugger"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/mono", unaffected:make_list("ge 2.10.2-r1"), vulnerable:make_list("lt 2.10.2-r1"))) flag++; if (qpkg_check(package:"dev-util/mono-debugger", unaffected:make_list("ge 2.8.1-r1"), vulnerable:make_list("lt 2.8.1-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mono"); }NASL family SuSE Local Security Checks NASL id SUSE_11_LIBMOON-DEVEL-110329.NASL description Moonlight was prone to several security problems : - modification of read-only values via RuntimeHelpers.InitializeArray. (CVE-2011-0989) - buffer overflow due to race condition in in Array.FastCopy. (CVE-2011-0990) - use-after-free due to DynamicMethod resurrection. (CVE-2011-0991) - information leak due to improper thread finalization These issues have been fixed. (CVE-2011-0992) last seen 2020-06-01 modified 2020-06-02 plugin id 53314 published 2011-04-07 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53314 title SuSE 11.1 Security Update : moonlight (SAT Patch Number 4246) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(53314); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"SuSE 11.1 Security Update : moonlight (SAT Patch Number 4246)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : - modification of read-only values via RuntimeHelpers.InitializeArray. (CVE-2011-0989) - buffer overflow due to race condition in in Array.FastCopy. (CVE-2011-0990) - use-after-free due to DynamicMethod resurrection. (CVE-2011-0991) - information leak due to improper thread finalization These issues have been fixed. (CVE-2011-0992)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0989.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0990.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0991.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0992.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4246."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libmoon0-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-tools-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libmoon0-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-tools-2.4.1-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
- http://openwall.com/lists/oss-security/2011/04/06/14
- http://secunia.com/advisories/44002
- http://secunia.com/advisories/44076
- http://www.mono-project.com/Vulnerabilities
- http://www.securityfocus.com/bid/47208
- http://www.vupen.com/english/advisories/2011/0904
- https://bugzilla.novell.com/show_bug.cgi?id=660422
- https://bugzilla.novell.com/show_bug.cgi?id=667077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66626
- https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a
- https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c
- https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0