Vulnerabilities > CVE-2012-3518 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TOR

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
tor
CWE-119
nessus

Summary

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Vulnerable Configurations

Part Description Count
Application
Tor
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-541.NASL
    descriptionTor 0.2.2.38 fixes a rare race condition that can crash exit relays; fixes a remotely triggerable crash bug; and fixes a timing attack that could in theory leak path information.
    last seen2020-06-05
    modified2014-06-13
    plugin id74733
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74733
    titleopenSUSE Security Update : tor (openSUSE-SU-2012:1068-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-541.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74733);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-3517", "CVE-2012-3518", "CVE-2012-3519");
    
      script_name(english:"openSUSE Security Update : tor (openSUSE-SU-2012:1068-1)");
      script_summary(english:"Check for the openSUSE-2012-541 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
    fixes a remotely triggerable crash bug; and fixes a timing attack that
    could in theory leak path information."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=776642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tor-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"tor-0.2.2.38-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"tor-debuginfo-0.2.2.38-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"tor-debugsource-0.2.2.38-3.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tor");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-03 (Tor: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63437
    published2013-01-09
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63437
    titleGLSA-201301-03 : Tor: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201301-03.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63437);
      script_version("1.5");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      script_cve_id("CVE-2012-3517", "CVE-2012-3518", "CVE-2012-3519", "CVE-2012-4419", "CVE-2012-4922", "CVE-2012-5573");
      script_xref(name:"GLSA", value:"201301-03");
    
      script_name(english:"GLSA-201301-03 : Tor: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201301-03
    (Tor: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Tor. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could cause a Denial of Service condition or obtain
          sensitive information.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201301-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Tor users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.3.25'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-misc/tor", unaffected:make_list("ge 0.2.3.25"), vulnerable:make_list("lt 0.2.3.25"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Tor");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2548.NASL
    descriptionSeveral vulnerabilities have been discovered in Tor, an online privacy tool. - CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service. - CVE-2012-3519 Try to leak less information about what relays a client is choosing to a side-channel attacker. - CVE-2012-4419 By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down. Additionally the update to stable includes the following fixes: when waiting for a client to renegotiate, don
    last seen2020-03-17
    modified2012-09-14
    plugin id62086
    published2012-09-14
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62086
    titleDebian DSA-2548-1 : tor - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2548. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62086);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-3518", "CVE-2012-3519", "CVE-2012-4419");
      script_xref(name:"DSA", value:"2548");
    
      script_name(english:"Debian DSA-2548-1 : tor - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Tor, an online privacy
    tool.
    
      - CVE-2012-3518
        Avoid an uninitialised memory read when reading a vote
        or consensus document that has an unrecognized flavour
        name. This could lead to a remote crash, resulting in
        denial of service.
    
      - CVE-2012-3519
        Try to leak less information about what relays a client
        is choosing to a side-channel attacker.
    
      - CVE-2012-4419
        By providing specially crafted date strings to a victim
        tor instance, an attacker can cause it to run into an
        assertion and shut down.
    
    Additionally the update to stable includes the following fixes: when
    waiting for a client to renegotiate, don't allow it to add any bytes
    to the input buffer. This fixes a potential DoS issue [ tor-5934,
    tor-6007]."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-4419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://trac.torproject.org/projects/tor/ticket/5934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://trac.torproject.org/projects/tor/ticket/6007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/tor"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2548"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the tor packages.
    
    For the stable distribution (squeeze), these problems have been fixed
    in version 0.2.2.39-1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"tor", reference:"0.2.2.39-1")) flag++;
    if (deb_check(release:"6.0", prefix:"tor-dbg", reference:"0.2.2.39-1")) flag++;
    if (deb_check(release:"6.0", prefix:"tor-geoipdb", reference:"0.2.2.39-1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-132.NASL
    descriptionUpdated tor package fixes security vulnerabilities : Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected (CVE-2011-2768). Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values (CVE-2011-2769). Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests (CVE-2012-3517). The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document (CVE-2012-3518). routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack (CVE-2012-3519). The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison (CVE-2012-4419). Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed it to add bytes to the input buffer, allowing a crash to be caused remotely (tor-5934, tor-6007). Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573). The version of Tor shipped in MBS1 did not have correctly formed systemd unit and thus failed to start. This updated version corrects this problem and restores working behaviour.
    last seen2020-06-01
    modified2020-06-02
    plugin id66144
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66144
    titleMandriva Linux Security Advisory : tor (MDVSA-2013:132)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:132. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66144);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2011-2768", "CVE-2011-2769", "CVE-2012-3517", "CVE-2012-3518", "CVE-2012-3519", "CVE-2012-4419", "CVE-2012-5573");
      script_bugtraq_id(50414, 55128, 55519, 56675);
      script_xref(name:"MDVSA", value:"2013:132");
      script_xref(name:"MGASA", value:"2012-0276");
      script_xref(name:"MGASA", value:"2012-0356");
    
      script_name(english:"Mandriva Linux Security Advisory : tor (MDVSA-2013:132)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tor package fixes security vulnerabilities :
    
    Tor before 0.2.2.34, when configured as a client or bridge, sends a
    TLS certificate chain as part of an outgoing OR connection, which
    allows remote relays to bypass intended anonymity properties by
    reading this chain and then determining the set of entry guards that
    the client or bridge had selected (CVE-2011-2768).
    
    Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
    and CREATE_FAST values in the Command field of a cell within an OR
    connection that it initiated, which allows remote relays to enumerate
    bridges by using these values (CVE-2011-2769).
    
    Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might
    allow remote attackers to cause a denial of service (daemon crash) via
    vectors related to failed DNS requests (CVE-2012-3517).
    
    The networkstatus_parse_vote_from_string function in routerparse.c in
    Tor before 0.2.2.38 does not properly handle an invalid flavor name,
    which allows remote attackers to cause a denial of service
    (out-of-bounds read and daemon crash) via a crafted (1) vote document
    or (2) consensus document (CVE-2012-3518).
    
    routerlist.c in Tor before 0.2.2.38 uses a different amount of time
    for relay-list iteration depending on which relay is chosen, which
    might allow remote attackers to obtain sensitive information about
    relay selection via a timing side-channel attack (CVE-2012-3519).
    
    The compare_tor_addr_to_addr_policy function in or/policies.c in Tor
    before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote
    attackers to cause a denial of service (assertion failure and daemon
    exit) via a zero-valued port field that is not properly handled during
    policy comparison (CVE-2012-4419).
    
    Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
    it to add bytes to the input buffer, allowing a crash to be caused
    remotely (tor-5934, tor-6007).
    
    Denial of Service vulnerability in Tor before 0.2.3.25, due to an
    error when handling SENDME cells and can be exploited to cause
    excessive consumption of memory resources within an entry node
    (SA51329, CVE-2012-5573).
    
    The version of Tor shipped in MBS1 did not have correctly formed
    systemd unit and thus failed to start.
    
    This updated version corrects this problem and restores working
    behaviour."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tor package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tor-0.2.2.39-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");