Vulnerabilities > CVE-2011-0992 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBMOON-DEVEL-110406.NASL description Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization last seen 2020-06-01 modified 2020-06-02 plugin id 75588 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75588 title openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libmoon-devel-4318. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75588); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)"); script_summary(english:"Check for the libmoon-devel-4318 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libmoon-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"libmoon-devel-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"libmoon0-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-devel-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-plugin-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-tools-2.4.1-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"moonlight-web-devel-2.4.1-0.2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBMOON-DEVEL-110406.NASL description Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization last seen 2020-06-01 modified 2020-06-02 plugin id 75903 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75903 title openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libmoon-devel-4318. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75903); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2011:0313-1)"); script_summary(english:"Check for the libmoon-devel-4318 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy CVE-2011-0991: use-after-free due to DynamicMethod resurrection CVE-2011-0992: information leak due to improper thread finalization" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libmoon-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libmoon-devel-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libmoon0-debuginfo-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-debugsource-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-desktop-devel-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-plugin-debuginfo-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-tools-2.4.1-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"moonlight-web-devel-2.4.1-0.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-13.NASL description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59651 published 2012-06-22 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59651 title GLSA-201206-13 : Mono: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-13. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59651); script_version("1.9"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2009-0217", "CVE-2010-3332", "CVE-2010-3369", "CVE-2010-4159", "CVE-2010-4225", "CVE-2010-4254", "CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_bugtraq_id(35671, 43316, 44351, 44810, 45051, 45711, 47208); script_xref(name:"GLSA", value:"201206-13"); script_name(english:"GLSA-201206-13 : Mono: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-13" ); script_set_attribute( attribute:"solution", value: "All Mono debugger users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/mono-debugger-2.8.1-r1' All Mono users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/mono-2.10.2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mono-debugger"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/mono", unaffected:make_list("ge 2.10.2-r1"), vulnerable:make_list("lt 2.10.2-r1"))) flag++; if (qpkg_check(package:"dev-util/mono-debugger", unaffected:make_list("ge 2.8.1-r1"), vulnerable:make_list("lt 2.8.1-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mono"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2547-1.NASL description It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319) It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320) It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992) It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82074 published 2015-03-25 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82074 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mono vulnerabilities (USN-2547-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2547-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(82074); script_version("1.13"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2011-0992", "CVE-2012-3543", "CVE-2015-2318", "CVE-2015-2319", "CVE-2015-2320"); script_bugtraq_id(47208, 55251, 73250, 73253, 73256); script_xref(name:"USN", value:"2547-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mono vulnerabilities (USN-2547-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319) It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320) It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992) It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2547-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libmono-2.0-1 and / or mono-runtime packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmono-2.0-1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mono-runtime"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/13"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libmono-2.0-1", pkgver:"2.10.8.1-1ubuntu2.3")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"mono-runtime", pkgver:"2.10.8.1-1ubuntu2.3")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libmono-2.0-1", pkgver:"3.2.8+dfsg-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"mono-runtime", pkgver:"3.2.8+dfsg-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"libmono-2.0-1", pkgver:"3.2.8+dfsg-4ubuntu2.1")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"mono-runtime", pkgver:"3.2.8+dfsg-4ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmono-2.0-1 / mono-runtime"); }NASL family SuSE Local Security Checks NASL id SUSE_11_LIBMOON-DEVEL-110329.NASL description Moonlight was prone to several security problems : - modification of read-only values via RuntimeHelpers.InitializeArray. (CVE-2011-0989) - buffer overflow due to race condition in in Array.FastCopy. (CVE-2011-0990) - use-after-free due to DynamicMethod resurrection. (CVE-2011-0991) - information leak due to improper thread finalization These issues have been fixed. (CVE-2011-0992) last seen 2020-06-01 modified 2020-06-02 plugin id 53314 published 2011-04-07 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53314 title SuSE 11.1 Security Update : moonlight (SAT Patch Number 4246) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(53314); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-0989", "CVE-2011-0990", "CVE-2011-0991", "CVE-2011-0992"); script_name(english:"SuSE 11.1 Security Update : moonlight (SAT Patch Number 4246)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Moonlight was prone to several security problems : - modification of read-only values via RuntimeHelpers.InitializeArray. (CVE-2011-0989) - buffer overflow due to race condition in in Array.FastCopy. (CVE-2011-0990) - use-after-free due to DynamicMethod resurrection. (CVE-2011-0991) - information leak due to improper thread finalization These issues have been fixed. (CVE-2011-0992)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=667077" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0989.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0990.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0991.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-0992.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4246."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmoon0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:moonlight-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libmoon0-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"moonlight-tools-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libmoon0-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-plugin-2.4.1-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"moonlight-tools-2.4.1-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
- http://openwall.com/lists/oss-security/2011/04/06/14
- http://secunia.com/advisories/44002
- http://secunia.com/advisories/44076
- http://www.mono-project.com/Vulnerabilities
- http://www.securityfocus.com/bid/47208
- http://www.vupen.com/english/advisories/2011/0904
- https://bugzilla.novell.com/show_bug.cgi?id=667077
- https://bugzilla.novell.com/show_bug.cgi?id=678515
- https://bugzilla.redhat.com/show_bug.cgi?id=694933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66627
- https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91