Vulnerabilities > CVE-2012-6139
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-289.NASL description Two denial of service problems (crashes with NULL pointer derference) were fixed in libxslt, which could potentially be used by remote attackers to crash libxslt using programs. last seen 2020-06-05 modified 2014-06-13 plugin id 74951 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74951 title openSUSE Security Update : libxslt (openSUSE-SU-2013:0585-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-289. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74951); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6139"); script_name(english:"openSUSE Security Update : libxslt (openSUSE-SU-2013:0585-1)"); script_summary(english:"Check for the openSUSE-2013-289 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Two denial of service problems (crashes with NULL pointer derference) were fixed in libxslt, which could potentially be used by remote attackers to crash libxslt using programs." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=811686" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-python-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxslt1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1|SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2 / 12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"libxslt-debugsource-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt-devel-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-debuginfo-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt-python-debugsource-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt1-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxslt1-debuginfo-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt1-32bit-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxslt1-debuginfo-32bit-1.1.26-15.11.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-debugsource-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-devel-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-python-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-python-debuginfo-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-python-debugsource-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-tools-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt-tools-debuginfo-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt1-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libxslt1-debuginfo-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxslt1-32bit-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libxslt1-debuginfo-32bit-1.1.26-22.6.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-debugsource-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-devel-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-python-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-python-debuginfo-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-python-debugsource-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-tools-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt-tools-debuginfo-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt1-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libxslt1-debuginfo-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxslt1-32bit-1.1.28-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxslt1-debuginfo-32bit-1.1.28-3.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2654.NASL description Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted XSL stylesheets. last seen 2020-03-17 modified 2013-04-04 plugin id 65793 published 2013-04-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65793 title Debian DSA-2654-1 : libxslt - denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2654. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(65793); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6139"); script_bugtraq_id(58685); script_xref(name:"DSA", value:"2654"); script_name(english:"Debian DSA-2654-1 : libxslt - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted XSL stylesheets." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703933" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/libxslt" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2654" ); script_set_attribute( attribute:"solution", value: "Upgrade the libxslt packages. For the stable distribution (squeeze), this problem has been fixed in version 1.1.26-6+squeeze3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxslt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libxslt1-dbg", reference:"1.1.26-6+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"libxslt1-dev", reference:"1.1.26-6+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"libxslt1.1", reference:"1.1.26-6+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"python-libxslt1", reference:"1.1.26-6+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"python-libxslt1-dbg", reference:"1.1.26-6+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"xsltproc", reference:"1.1.26-6+squeeze3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_LIBXSLT-8534.NASL description libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139) last seen 2020-06-05 modified 2013-05-01 plugin id 66290 published 2013-05-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66290 title SuSE 10 Security Update : libxslt (ZYPP Patch Number 8534) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(66290); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6139"); script_name(english:"SuSE 10 Security Update : libxslt (ZYPP Patch Number 8534)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6139.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8534."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"libxslt-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"libxslt-devel-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libxslt-32bit-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libxslt-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"libxslt-devel-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libxslt-32bit-1.1.15-15.20.1")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libxslt-devel-32bit-1.1.15-15.20.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBXSLT_20140114.NASL description The remote Solaris system is missing necessary patches to address security updates : - libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. (CVE-2012-6139) last seen 2020-06-01 modified 2020-06-02 plugin id 80694 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80694 title Oracle Solaris Third-Party Patch Update : libxslt (cve_2012_5581_denial_of1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80694); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2012-6139"); script_name(english:"Oracle Solaris Third-Party Patch Update : libxslt (cve_2012_5581_denial_of1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. (CVE-2012-6139)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2012-6139-denial-of-service-dos-vulnerability-in-libxslt" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.11.4.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libxslt"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^libxslt$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.11.0.4.0", sru:"SRU 11.1.11.4.0") > 0) flag++; if (flag) { error_extra = 'Affected package : libxslt\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libxslt");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-141.NASL description Updated libxslt packages fix security vulnerability : Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service (CVE-2012-6139). last seen 2020-06-01 modified 2020-06-02 plugin id 66153 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66153 title Mandriva Linux Security Advisory : libxslt (MDVSA-2013:141) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:141. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66153); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-6139"); script_bugtraq_id(58685); script_xref(name:"MDVSA", value:"2013:141"); script_xref(name:"MGASA", value:"2013-0107"); script_name(english:"Mandriva Linux Security Advisory : libxslt (MDVSA-2013:141)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libxslt packages fix security vulnerability : Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service (CVE-2012-6139)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.gnome.org/show_bug.cgi?id=685328" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xslt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xslt1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xsltproc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xslt-devel-1.1.26-6.20120127.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xslt1-1.1.26-6.20120127.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-libxslt-1.1.26-6.20120127.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"xsltproc-1.1.26-6.20120127.3.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXSLT-131106.NASL description libxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520) last seen 2020-06-05 modified 2013-11-12 plugin id 70843 published 2013-11-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70843 title SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(70843); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3970", "CVE-2012-2825", "CVE-2012-6139", "CVE-2013-4520"); script_name(english:"SuSE 11.2 / 11.3 Security Update : libxslt (SAT Patch Numbers 8500 / 8501)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "libxslt received a security update to fix a security issue : - The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825). (CVE-2013-4520)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849019" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3970.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2825.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6139.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4520.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 8500 / 8501 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libxslt-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.23.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXSLT-130327.NASL description libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139) last seen 2020-06-05 modified 2013-05-01 plugin id 66288 published 2013-05-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66288 title SuSE 11.2 Security Update : libxslt (SAT Patch Number 7569) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(66288); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6139"); script_name(english:"SuSE 11.2 Security Update : libxslt (SAT Patch Number 7569)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "libxslt has been updated to fix two denial of service issues via crashes by NULL pointer dereference on attacker supplied XSLT scripts. (CVE-2012-6139)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=811686" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6139.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7569."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxslt-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libxslt-1.1.24-19.21.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-1.1.24-19.21.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.21.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libxslt-1.1.24-19.21.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libxslt-32bit-1.1.24-19.21.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libxslt-32bit-1.1.24-19.21.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2013-4507.NASL description Update to libxslt-1.1.28 to fix CVE-2012-6139 where the library could crash on invalid key references in stylesheets Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-18 plugin id 66005 published 2013-04-18 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66005 title Fedora 18 : libxslt-1.1.28-1.fc18 (2013-4507) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-4507. # include("compat.inc"); if (description) { script_id(66005); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6139"); script_bugtraq_id(58685); script_xref(name:"FEDORA", value:"2013-4507"); script_name(english:"Fedora 18 : libxslt-1.1.28-1.fc18 (2013-4507)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to libxslt-1.1.28 to fix CVE-2012-6139 where the library could crash on invalid key references in stylesheets Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=927580" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ed5522f1" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libxslt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"libxslt-1.1.28-1.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1784-1.NASL description Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65786 published 2013-04-03 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65786 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxslt vulnerability (USN-1784-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1784-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(65786); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:29"); script_cve_id("CVE-2012-6139"); script_bugtraq_id(58685); script_xref(name:"USN", value:"1784-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxslt vulnerability (USN-1784-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1784-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libxslt1.1 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxslt1.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libxslt1.1", pkgver:"1.1.22-1ubuntu1.4")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libxslt1.1", pkgver:"1.1.26-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libxslt1.1", pkgver:"1.1.26-7ubuntu0.2")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libxslt1.1", pkgver:"1.1.26-8ubuntu1.3")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"libxslt1.1", pkgver:"1.1.26-14ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt1.1"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-07.NASL description The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71907 published 2014-01-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71907 title GLSA-201401-07 : libxslt: Denial of Service code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201401-07. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(71907); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-2870", "CVE-2012-2893", "CVE-2012-6139", "CVE-2013-4520"); script_bugtraq_id(55331, 55676, 58685, 63548); script_xref(name:"GLSA", value:"201401-07"); script_name(english:"GLSA-201401-07 : libxslt: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service) Multiple vulnerabilities have been found in libxslt: Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139). A double-free error exists in templates.c (CVE-2012-2893). A NULL pointer dereference in keys.c (CVE-2012-6139). An error in handling stylesheets containing DTDs (CVE-2013-4520). Impact : A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201401-07" ); script_set_attribute( attribute:"solution", value: "All libxslt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libxslt-1.1.28' Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libxslt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/libxslt", unaffected:make_list("ge 1.1.28"), vulnerable:make_list("lt 1.1.28"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxslt"); }
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
- http://secunia.com/advisories/52745
- http://secunia.com/advisories/52805
- http://secunia.com/advisories/52813
- http://secunia.com/advisories/52884
- http://www.debian.org/security/2013/dsa-2654
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
- http://www.securitytracker.com/id/1028338
- http://www.ubuntu.com/usn/USN-1784-1
- http://xmlsoft.org/XSLT/news.html
- https://bugzilla.gnome.org/show_bug.cgi?id=685328
- https://bugzilla.gnome.org/show_bug.cgi?id=685330
- https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
- https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
- https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
- https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html