Vulnerabilities > CVE-2013-0338 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Per http://www.ubuntu.com/usn/USN-1782-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS" Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
142
OS
Canonical
5
OS
Opensuse
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBXML2-130320.NASL
    descriptionlibxml2 has been updated to fix entity expansion problems : - Internal entity expansion within XML was not bounded, leading to simple small XML files being able to cause
    last seen2020-06-05
    modified2013-05-03
    plugin id66300
    published2013-05-03
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66300
    titleSuSE 11.2 Security Update : libxml2 (SAT Patch Number 7517)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66300);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0338", "CVE-2013-0339");
    
      script_name(english:"SuSE 11.2 Security Update : libxml2 (SAT Patch Number 7517)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxml2 has been updated to fix entity expansion problems :
    
      - Internal entity expansion within XML was not bounded,
        leading to simple small XML files being able to cause
        'out of memory' denial of service conditions.
        (CVE-2013-0338)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0338.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0339.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7517.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxml2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxml2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libxml2-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libxml2-python-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxml2-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxml2-32bit-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libxml2-python-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libxml2-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libxml2-doc-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libxml2-python-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libxml2-32bit-2.7.6-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libxml2-32bit-2.7.6-0.23.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2652.NASL
    descriptionBrad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.
    last seen2020-03-17
    modified2013-03-27
    plugin id65695
    published2013-03-27
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65695
    titleDebian DSA-2652-1 : libxml2 - external entity expansion
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2652. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65695);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-0338", "CVE-2013-0339");
      script_bugtraq_id(58180);
      script_xref(name:"DSA", value:"2652");
    
      script_name(english:"Debian DSA-2652-1 : libxml2 - external entity expansion");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Brad Hill of iSEC Partners discovered that many XML implementations
    are vulnerable to external entity expansion issues, which can be used
    for various purposes such as firewall circumvention, disguising an IP
    address, and denial-of-service. libxml2 was susceptible to these
    problems when performing string substitution during entity expansion."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/libxml2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2652"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libxml2 packages.
    
    For the stable distribution (squeeze), these problems have been fixed
    in version 2.7.8.dfsg-2+squeeze7."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libxml2", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-dbg", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-dev", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-doc", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-utils", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"python-libxml2", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"python-libxml2-dbg", reference:"2.7.8.dfsg-2+squeeze7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0581.NASL
    descriptionUpdated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id64971
    published2013-03-04
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64971
    titleCentOS 5 / 6 : libxml2 (CESA-2013:0581)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0581 and 
    # CentOS Errata and Security Advisory 2013:0581 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64971);
      script_version("1.15");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2013-0338");
      script_bugtraq_id(58180);
      script_xref(name:"RHSA", value:"2013:0581");
    
      script_name(english:"CentOS 5 / 6 : libxml2 (CESA-2013:0581)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libxml2 packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    The libxml2 library is a development toolbox providing the
    implementation of various XML standards.
    
    A denial of service flaw was found in the way libxml2 performed string
    substitutions when entity values for entity references replacement was
    enabled. A remote attacker could provide a specially crafted XML file
    that, when processed by an application linked against libxml2, would
    lead to excessive CPU consumption. (CVE-2013-0338)
    
    All users of libxml2 are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. The desktop
    must be restarted (log out, then log back in) for this update to take
    effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-March/019260.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d2f55acd"
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-March/019627.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?277a00c2"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2013-March/000813.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ffc1e28"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0338");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libxml2-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"libxml2-2.6.26-2.1.21.el5_9.1")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"libxml2-devel-2.6.26-2.1.21.el5_9.1")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"libxml2-python-2.6.26-2.1.21.el5_9.1")) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"libxml2-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"libxml2-devel-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"libxml2-python-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"libxml2-static-2.7.6-12.el6_4.1")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-devel / libxml2-python / libxml2-static");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0009_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - GnuTLS - Kernel - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89666
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89666
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89666);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id(
        "CVE-2013-0166",
        "CVE-2013-0169",
        "CVE-2013-0268",
        "CVE-2013-0338",
        "CVE-2013-0871",
        "CVE-2013-2116"
      );
      script_bugtraq_id(
        57778,
        57838,
        57986,
        58180,
        60268,
        60215
      );
      script_xref(name:"VMSA", value:"2013-0009");
      script_xref(name:"CERT", value:"737740");
      script_xref(name:"EDB-ID", value:"27297");
    
      script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several third-party
    libraries :
    
      - GnuTLS
      - Kernel
      - OpenSSL");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0009.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver   = get_kb_item_or_exit("Host/VMware/version");
    rel   = get_kb_item_or_exit("Host/VMware/release");
    port  = get_kb_item_or_exit("Host/VMware/vsphere");
    esx   = '';
    build = 0;
    fix   = FALSE;
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (empty_or_null(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    
    esx = extract[1];
    ver = extract[2];
    
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    fixes = make_array(
        "4.1", 1198252,
        "4.0", 1335992
    );
    
    fix = fixes[ver];
    
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);
    
    if (build < fix)
    {
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-188.NASL
    descriptionlibxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka
    last seen2020-06-01
    modified2020-06-02
    plugin id69747
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69747
    titleAmazon Linux AMI : libxml2 (ALAS-2013-188)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2013-188.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69747);
      script_version("1.8");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2013-0338");
      script_xref(name:"ALAS", value:"2013-188");
    
      script_name(english:"Amazon Linux AMI : libxml2 (ALAS-2013-188)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxml2 2.9.0 and earlier allows context-dependent attackers to cause
    a denial of service (CPU and memory consumption) via an XML file
    containing an entity declaration with long replacement text and many
    references to this entity, aka 'internal entity expansion' with linear
    complexity."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2013-188.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update libxml2' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"libxml2-2.7.8-10.26.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libxml2-debuginfo-2.7.8-10.26.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libxml2-devel-2.7.8-10.26.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libxml2-python-2.7.8-10.26.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libxml2-static-2.7.8-10.26.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
    }
    
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    descriptionThe version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the
    last seen2020-03-18
    modified2015-01-27
    plugin id81002
    published2015-01-27
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81002
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(81002);
      script_version("1.25");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id(
        "CVE-2003-1418",
        "CVE-2011-1944",
        "CVE-2011-3607",
        "CVE-2013-0338",
        "CVE-2013-2877",
        "CVE-2013-5704",
        "CVE-2013-6438",
        "CVE-2014-0098",
        "CVE-2014-0191",
        "CVE-2014-0226",
        "CVE-2014-6571",
        "CVE-2015-0372",
        "CVE-2015-0386",
        "CVE-2015-2808",
        "CVE-2016-2183"
      );
      script_bugtraq_id(
        48056,
        50494,
        58180,
        61050,
        66303,
        66550,
        67233,
        68678,
        72143,
        72183,
        72193,
        73684,
        92630
      );
      script_xref(name:"EDB-ID", value:"34133");
    
      script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle HTTP Server installed on the remote host is
    affected by multiple vulnerabilities in the Web Listener
    subcomponent :
    
      - An integer overflow condition exists in libxml2 within
        file xpath.c, related to XPath expressions when adding a
        new namespace note. An unauthenticated, remote attacker
        can exploit this, via a crafted XML file, to cause a
        denial of service condition or the execution of arbitary
        code. (CVE-2011-1944)
    
      - An integer overflow condition exists in the HTTP server,
        specifically in the ap_pregsub() function within file
        server/util.c, when the mod_setenvif module is enabled.
        A local attacker can exploit this to gain elevated
        privileges by using an .htaccess file with a crafted
        combination of SetEnvIf directives and HTTP request
        headers. (CVE-2011-3607)
    
      - A flaw exists in libxml2, known as the 'internal entity
        expansion' with linear complexity issue, that allows
        specially crafted XML files to consume excessive CPU and
        memory resources. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition
        by using a specially crafted XML file containing an
        entity declaration with long replacement text and many
        references to this entity. (CVE-2013-0338)
    
      - An out-of-bounds read error exists in libxml2 within
        file parser.c due to a failure to check for the
        XML_PARSER_EOF state. An unauthenticated, remote
        attacker can exploit this, via a specially crafted
        document that ends abruptly, to cause a denial of
        service condition. (CVE-2013-2877)
    
      - A flaw exists within the mod_headers module in the
        HTTP server which allows bypassing the 'RequestHeader
        unset' directives. An unauthenticated, remote attacker
        can exploit this to inject arbitrary headers. This is
        done by placing a header in the trailer portion of data
        being sent using chunked transfer encoding.
        (CVE-2013-5704)
    
      - A flaw exists in the dav_xml_get_cdata() function in
        file main/util.c within the HTTP server mod_dav module
        due to incorrect stripping of whitespace characters from
        the CDATA sections. An unauthenticated, remote attacker
        via a specially crafted DAV WRITE request, can exploit
        this to cause a denial of service condition.
        (CVE-2013-6438)
    
      - A flaw exists in the log_cookie() function in file
        mod_log_config.c within the HTTP server mod_log_config
        module due to improper handling of specially crafted
        cookies during truncation. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition via a segmentation fault. (CVE-2014-0098)
    
      - A flaw exists in libxml2, specifically in the
        xmlParserHandlePEReference() function in file parser.c,
        due to loading external parameter entities even when
        entity substitution is disabled. An unauthenticated,
        remote attacker can exploit this issue, via a specially
        crafted XML file, to conduct XML External Entity (XXE)
        attacks that exhaust CPU and memory resources, resulting
        in a denial of service condition. (CVE-2014-0191)
    
      - A race condition exists in the HTTP server within the
        mod_status module when using a threaded Multi-Processing
        Module (MPM). If an unauthenticated, remote attacker is
        able to access status pages served by mod_status, the
        attacker can exploit this issue, by sending specially
        crafted requests, to cause the httpd child process to
        crash or possibly execute arbitrary code with the
        privileges of the user running the web server.
        (CVE-2014-0226)
    
      - An unspecified flaw exists in the Web Listener
        subcomponent that allows an unauthenticated, remote
        attacker to impact confidentiality, integrity, and
        availability. (CVE-2014-6571)
    
      - An unspecified flaw exists in the J2EE subcomponent that
        allows an unauthenticated, remote attacker to disclose
        potentially sensitive information. (CVE-2015-0372)
    
      - An unspecified flaw exists in the Web Listener
        subcomponent that allows an unauthenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2015-0386)");
      # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the January 2015 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5704");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(200);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_http_server_installed.nbin");
      script_require_keys("Oracle/OHS/Installed");
    
      exit(0);
    }
    
    include('oracle_http_server_patch_func.inc');
    
    get_kb_item_or_exit('Oracle/OHS/Installed');
    install_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');
    
    install = branch(install_list, key:TRUE, value:TRUE);
    
    patches = make_array();
    patches['10.1.3.5'] = make_array('fix_ver', '10.1.3.5.150120', 'patch', '19952538');
    patches['11.1.1.7'] = make_array('fix_ver', '11.1.1.7.150120', 'patch', '19948000');
    patches['12.1.2.0'] = make_array('fix_ver', '12.1.2.0.150120', 'patch', '19948089');
    patches['12.1.3.0'] = make_array('fix_ver', '12.1.3.0.141218', 'patch', '19948154');
    
    oracle_http_server_check_vuln(
      install : install,
      min_patches : patches,
      severity : SECURITY_HOLE
    );
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1782-1.NASL
    descriptionIt was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id65730
    published2013-03-29
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65730
    titleUbuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1782-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1782-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65730);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:29");
    
      script_cve_id("CVE-2013-0338");
      script_bugtraq_id(58180);
      script_xref(name:"USN", value:"1782-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1782-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libxml2 incorrectly handled XML entity
    expansion. An attacker could use this flaw to cause libxml2 to consume
    large amounts of resources, resulting in a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1782-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libxml2", pkgver:"2.6.31.dfsg-2ubuntu1.12")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libxml2", pkgver:"2.7.6.dfsg-1ubuntu1.8")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libxml2", pkgver:"2.7.8.dfsg-4ubuntu0.6")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libxml2", pkgver:"2.7.8.dfsg-5.1ubuntu4.4")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"libxml2", pkgver:"2.8.0+dfsg1-5ubuntu2.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0636.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-0292 (dbus-glib issue) CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues) CVE-2013-0338 (libxml2 issue) This update contains the builds from the following errata : ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel: RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup: RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm: RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev: RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls: RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2: RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl: RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78952
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78952
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:0636)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0636. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78952);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2012-4929", "CVE-2012-6075", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1619");
      script_bugtraq_id(55704, 57420, 57736, 57755, 57778);
      script_xref(name:"RHSA", value:"2013:0636");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes several security issues
    and various bugs is now available.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: A subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    A flaw was found in the way QEMU-KVM emulated the e1000 network
    interface card when the host was configured to accept jumbo network
    frames, and a guest using the e1000 emulated driver was not. A remote
    attacker could use this flaw to crash the guest or, potentially,
    execute arbitrary code with root privileges in the guest.
    (CVE-2012-6075)
    
    It was discovered that GnuTLS leaked timing information when
    decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
    suites were used. A remote attacker could possibly use this flaw to
    retrieve plain text from the encrypted packets by using a TLS/SSL
    server as a padding oracle. (CVE-2013-1619)
    
    It was discovered that OpenSSL leaked timing information when
    decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
    cipher suites were used. A remote attacker could possibly use this
    flaw to retrieve plain text from the encrypted packets by using a
    TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
    
    A NULL pointer dereference flaw was found in the OCSP response
    verification in OpenSSL. A malicious OCSP server could use this flaw
    to crash applications performing OCSP verification by sending a
    specially crafted response. (CVE-2013-0166)
    
    It was discovered that the TLS/SSL protocol could leak information
    about plain text when optional compression was used. An attacker able
    to control part of the plain text sent over an encrypted TLS/SSL
    connection could possibly use this flaw to recover other portions of
    the plain text. (CVE-2012-4929)
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2013-0292 (dbus-glib issue)
    
    CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)
    
    CVE-2013-0338 (libxml2 issue)
    
    This update contains the builds from the following errata :
    
    ovirt-node: RHBA-2013:0634
    https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel:
    RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html
    dbus-glib: RHSA-2013:0568
    https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup:
    RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm:
    RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html
    selinux-policy: RHBA-2013:0618
    https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev:
    RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html
    glusterfs: RHBA-2013:0620
    https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls:
    RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html
    ipmitool: RHBA-2013:0572
    https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2:
    RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html
    openldap: RHBA-2013:0598
    https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl:
    RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which fixes these issues."
      );
      # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0636"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-1619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6075"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:0636";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130306.2.el6_4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-056.NASL
    descriptionMultiple vulnerabilities was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption (CVE-2013-0338). An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66070
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66070
    titleMandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:056. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66070);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id(
        "CVE-2011-3102",
        "CVE-2012-2807",
        "CVE-2012-5134",
        "CVE-2013-0338"
      );
      script_bugtraq_id(
        53540,
        54718,
        56684,
        58180
      );
      script_xref(name:"MDVSA", value:"2013:056");
    
      script_name(english:"Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities was found and corrected in libxml2 :
    
    A heap-buffer overflow was found in the way libxml2 decoded certain
    XML entitites. A remote attacker could provide a specially crafted XML
    file, which once opened in an application linked against libxml would
    cause that application to crash, or, potentially, execute arbitrary
    code with the privileges of the user running the application
    (CVE-2012-5134).
    
    A denial of service flaw was found in the way libxml2 performed string
    substitutions when entity values for entity references replacement was
    enabled. A remote attacker could provide a specially crafted XML file
    that, when processed by an application linked against libxml2, would
    lead to excessive CPU consumption (CVE-2013-0338).
    
    An Off-by-one error in libxml2 allows remote attackers to cause a
    denial of service (out-of-bounds write) or possibly have unspecified
    other impact via unknown vectors (CVE-2011-3102).
    
    Multiple integer overflows in libxml2, on 64-bit Linux platforms allow
    remote attackers to cause a denial of service or possibly have
    unspecified other impact via unknown vectors (CVE-2012-2807).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=912400"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2_2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xml2-devel-2.7.8-14.20120229.2.2.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xml2_2-2.7.8-14.20120229.2.2.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"libxml2-python-2.7.8-14.20120229.2.2.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"libxml2-utils-2.7.8-14.20120229.2.2.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338) - An unspecified error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id70879
    published2013-11-13
    reporterThis script is (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70879
    titleESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70879);
      script_version("1.23");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-0166",
        "CVE-2013-0169",
        "CVE-2013-0338",
        "CVE-2013-5970",
        "CVE-2013-5973",
        "CVE-2014-1207",
        "CVE-2014-1208"
      );
      script_bugtraq_id(
        57778,
        58180,
        60268,
        63216,
        64491,
        64994,
        64995
      );
      script_xref(name:"VMSA", value:"2013-0009");
      script_xref(name:"VMSA", value:"2013-0012");
      script_xref(name:"VMSA", value:"2013-0016");
      script_xref(name:"VMSA", value:"2014-0001");
    
      script_name(english:"ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)");
      script_summary(english:"Checks ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.0 host is affected by multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.0 host is affected by the following security
    vulnerabilities :
    
      - Multiple errors exist related to OpenSSL that could
        allow information disclosure or denial of service
        attacks. (CVE-2013-0166, CVE-2013-0169)
    
      - An error exists in the libxml2 library related to the
        expansion of XML internal entities. An attacker can
        exploit this to cause a denial of service. (CVE-2013-0338)
    
      - An unspecified error exists related to 'hostd-vmdb'. An
        attacker can exploit this to cause a denial of service.
        (CVE-2013-5970)
    
      - An error exists in the handling of certain Virtual
        Machine file descriptors. This may allow an unprivileged
        user with the 'Add Existing Disk' privilege to obtain
        read and write access to arbitrary files, possibly
        leading to arbitrary code execution after a host reboot.
        (CVE-2013-5973)
    
      - A NULL pointer dereference flaw exists in the handling
        of Network File Copy (NFC) traffic. This issue may lead
        to a denial of service if an attacker intercepts and
        modifies the NFC traffic. (CVE-2014-1207)
    
      - A denial of service vulnerability exists in the handling
        of invalid ports that could allow a guest user to crash
        the VMX process. (CVE-2014-1208)");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2055559
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07980398");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0009.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0012.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0016.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0001.html");
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi500-201310101-SG, ESXi500-201310201-UG, or
    ESXi500-Update03.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5973");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is (C) 2013-2019 Tenable Network Security, Inc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    
    if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.0");
    
    match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');
    
    build = int(match[1]);
    fixed_build = 1311175;
    
    if (build < fixed_build)
    {
      if (report_verbosity > 0)
      {
        report = '\n  ESXi version    : ' + ver +
                 '\n  Installed build : ' + build +
                 '\n  Fixed build     : ' + fixed_build +
                 '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
    }
    else exit(0, "The host has "+ver+" build "+build+" and thus is not affected.");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_843A4641981611E29C51080027019BE0.NASL
    descriptionKurt Seifried reports : libxml2 is affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.)..
    last seen2020-06-01
    modified2020-06-02
    plugin id65845
    published2013-04-08
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65845
    titleFreeBSD : libxml2 -- cpu consumption Dos (843a4641-9816-11e2-9c51-080027019be0)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65845);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/21 10:46:31");
    
      script_cve_id("CVE-2013-0338", "CVE-2013-0339");
    
      script_name(english:"FreeBSD : libxml2 -- cpu consumption Dos (843a4641-9816-11e2-9c51-080027019be0)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Kurt Seifried reports :
    
    libxml2 is affected by the expansion of internal entities (which can
    be used to consume resources) and external entities (which can cause a
    denial of service against other services, be used to port scan,
    etc.).."
      );
      # http://seclists.org/oss-sec/2013/q1/391
      script_set_attribute(
        attribute:"see_also",
        value:"https://seclists.org/oss-sec/2013/q1/391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-0338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-0339"
      );
      # https://vuxml.freebsd.org/freebsd/843a4641-9816-11e2-9c51-080027019be0.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?39d26a18"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxml2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"libxml2<2.8.0")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130228_LIBXML2_ON_SL5_X.NASL
    descriptionA denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-03-18
    modified2013-03-01
    plugin id64964
    published2013-03-01
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64964
    titleScientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20130228)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64964);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-0338");
    
      script_name(english:"Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20130228)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A denial of service flaw was found in the way libxml2 performed string
    substitutions when entity values for entity references replacement was
    enabled. A remote attacker could provide a specially crafted XML file
    that, when processed by an application linked against libxml2, would
    lead to excessive CPU consumption. (CVE-2013-0338)
    
    The desktop must be restarted (log out, then log back in) for this
    update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=5918
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fce6080"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-static");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"libxml2-2.6.26-2.1.21.el5_9.1")) flag++;
    if (rpm_check(release:"SL5", reference:"libxml2-debuginfo-2.6.26-2.1.21.el5_9.1")) flag++;
    if (rpm_check(release:"SL5", reference:"libxml2-devel-2.6.26-2.1.21.el5_9.1")) flag++;
    if (rpm_check(release:"SL5", reference:"libxml2-python-2.6.26-2.1.21.el5_9.1")) flag++;
    
    if (rpm_check(release:"SL6", reference:"libxml2-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"SL6", reference:"libxml2-debuginfo-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"SL6", reference:"libxml2-devel-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"SL6", reference:"libxml2-python-2.7.6-12.el6_4.1")) flag++;
    if (rpm_check(release:"SL6", reference:"libxml2-static-2.7.6-12.el6_4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
    }
    
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10669.NASL
    descriptionAccording to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library : - A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944) - A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841) - A heap-based buffer overflow vulnerability exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id80957
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80957
    titleJuniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80957);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/12 19:01:16");
    
      script_cve_id(
        "CVE-2011-1944",
        "CVE-2012-0841",
        "CVE-2012-5134",
        "CVE-2013-0338",
        "CVE-2013-2877"
      );
      script_bugtraq_id(48056, 52107, 56684, 58180, 61050);
    
      script_name(english:"Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)");
      script_summary(english:"Checks the Junos version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote Junos device
    is affected by multiple vulnerabilities in the libxml2 library :
    
      - A heap-based buffer overflow vulnerability exists which
        can result in arbitrary code execution. (CVE-2011-1944)
    
      - A denial of service vulnerability exists which can
        result in excessive CPU consumption. (CVE-2012-0841)
    
      - A heap-based buffer overflow vulnerability exists in
        the 'xmlParseAttValueComplex' function which can result
        in arbitrary code execution. (CVE-2012-5134)
    
      - A denial of service vulnerability exists due to
        excessive CPU and memory consumption in the processing
        of XML files containing entity declarations with long
        replacement text (also known as 'internal entity
        expansion with linear complexity'). (CVE-2013-0338)
    
      - A denial of service vulnerability exists related to the
        XML_PARSER_EOF state checking. (CVE-2013-2877)
    
    These vulnerabilities can be exploited by a remote attacker via a
    specially crafted XML file.");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos upgrade referenced in Juniper advisory
    JSA10669.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version");
    
      exit(0);
    }
    
    include("junos.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    
    fixes = make_array();
    fixes['11.4']    = '11.4R13';
    fixes['12.1X44'] = '12.1X44-D35';
    fixes['12.1X45'] = '12.1X45-D30';
    fixes['12.1X46'] = '12.1X46-D25';
    fixes['12.1X47'] = '12.1X47-D10';
    fixes['12.2']    = '12.2R9';
    fixes['12.3']    = '12.3R7';
    fixes['13.1']    = '13.1R4-S2';
    fixes['13.3']    = '13.3R3';
    fixes['14.1']    = '14.1R2';
    fixes['14.2']    = '14.2R1';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    
    # This isn't necessary, but is included in the advisory
    if (fix == "12.1X44-D35")
      fix = "12.1X44-D35 or 12.1X44-D40";
    
    if (report_verbosity > 0)
    {
      report = get_report(ver:ver, fix:fix);
      security_hole(port:0, extra:report);
    }
    else security_hole(0);
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-198.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in libxml2 : A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement (--noent option) was requested / enabled during the XML file parsing. A remote attacker could provide a specially crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service) (CVE-2013-0339). This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state (CVE-2013-2877). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id69053
    published2013-07-25
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69053
    titleMandriva Linux Security Advisory : libxml2 (MDVSA-2013:198)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:198. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69053);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-0339", "CVE-2013-2877");
      script_bugtraq_id(59000, 61050);
      script_xref(name:"MDVSA", value:"2013:198");
    
      script_name(english:"Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:198)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in 
    libxml2 :
    
    A denial of service flaw was found in the way libxml2, a library
    providing support to read, modify and write XML and HTML files,
    performed string substitutions when entity values for external entity
    references replacement (--noent option) was requested / enabled during
    the XML file parsing. A remote attacker could provide a specially
    crafted XML file containing an external entity expansion, when
    processed would lead to excessive CPU consumption (denial of service)
    (CVE-2013-0339). This a different flaw from CVE-2013-0338.
    
    parser.c in libxml2 before 2.9.0, as used in Google Chrome before
    28.0.1500.71 and other products, allows remote attackers to cause a
    denial of service (out-of-bounds read) via a document that ends
    abruptly, related to the lack of certain checks for the XML_PARSER_EOF
    state (CVE-2013-2877).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=915149"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=983204"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2_2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xml2-devel-2.7.8-14.20120229.2.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xml2_2-2.7.8-14.20120229.2.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"libxml2-python-2.7.8-14.20120229.2.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"libxml2-utils-2.7.8-14.20120229.2.3.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0581.NASL
    descriptionFrom Red Hat Security Advisory 2013:0581 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68767
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68767
    titleOracle Linux 5 / 6 : libxml2 (ELSA-2013-0581)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0581 and 
    # Oracle Linux Security Advisory ELSA-2013-0581 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68767);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2013-0338");
      script_bugtraq_id(48056, 53540, 56684, 58180);
      script_xref(name:"RHSA", value:"2013:0581");
    
      script_name(english:"Oracle Linux 5 / 6 : libxml2 (ELSA-2013-0581)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:0581 :
    
    Updated libxml2 packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    The libxml2 library is a development toolbox providing the
    implementation of various XML standards.
    
    A denial of service flaw was found in the way libxml2 performed string
    substitutions when entity values for entity references replacement was
    enabled. A remote attacker could provide a specially crafted XML file
    that, when processed by an application linked against libxml2, would
    lead to excessive CPU consumption. (CVE-2013-0338)
    
    All users of libxml2 are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. The desktop
    must be restarted (log out, then log back in) for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003308.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003319.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libxml2-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"libxml2-2.6.26-2.1.21.0.1.el5_9.1")) flag++;
    if (rpm_check(release:"EL5", reference:"libxml2-devel-2.6.26-2.1.21.0.1.el5_9.1")) flag++;
    if (rpm_check(release:"EL5", reference:"libxml2-python-2.6.26-2.1.21.0.1.el5_9.1")) flag++;
    
    if (rpm_check(release:"EL6", reference:"libxml2-2.7.6-12.0.1.el6_4.1")) flag++;
    if (rpm_check(release:"EL6", reference:"libxml2-devel-2.7.6-12.0.1.el6_4.1")) flag++;
    if (rpm_check(release:"EL6", reference:"libxml2-python-2.7.6-12.0.1.el6_4.1")) flag++;
    if (rpm_check(release:"EL6", reference:"libxml2-static-2.7.6-12.0.1.el6_4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-devel / libxml2-python / libxml2-static");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79964
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79964
    titleGLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201412-11.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79964);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2007-0720", "CVE-2007-1536", "CVE-2007-2026", "CVE-2007-2445", "CVE-2007-2741", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5116", "CVE-2007-5135", "CVE-2007-5266", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5849", "CVE-2010-1205", "CVE-2013-0338", "CVE-2013-0339", "CVE-2013-1664", "CVE-2013-1969", "CVE-2013-2877", "CVE-2014-0160");
      script_bugtraq_id(41174, 58180, 58892, 59000, 59265, 61050, 66690);
      script_xref(name:"GLSA", value:"201412-11");
    
      script_name(english:"GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201412-11
    (AMD64 x86 emulation base libraries: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in AMD64 x86 emulation
          base libraries. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        A context-dependent attacker may be able to execute arbitrary code,
          cause a Denial of Service condition, or obtain sensitive information.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201412-11"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All users of the AMD64 x86 emulation base libraries should upgrade to
          the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/emul-linux-x86-baselibs-20140406-r1'
        NOTE: One or more of the issues described in this advisory have been
          fixed in previous updates. They are included in this advisory for the
          sake of completeness. It is likely that your system is already no longer
          affected by them."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(20, 119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-baselibs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/emul-linux-x86-baselibs", unaffected:make_list("ge 20140406-r1"), vulnerable:make_list("lt 20140406-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "AMD64 x86 emulation base libraries");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1627-1.NASL
    descriptionlibxml2 has been updated to fix the following security issue : - CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka
    last seen2020-06-05
    modified2015-05-20
    plugin id83599
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83599
    titleSUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2013:1627-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83599);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-3102", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-2807", "CVE-2012-5134", "CVE-2013-0338", "CVE-2013-0339", "CVE-2013-2877");
      script_bugtraq_id(51300, 52107, 53540, 54203, 54718, 56684, 58180, 59000, 61041, 61050);
    
      script_name(english:"SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxml2 has been updated to fix the following security issue :
    
      - CVE-2013-0338: libxml2 allowed context-dependent
        attackers to cause a denial of service (CPU and memory
        consumption) via an XML file containing an entity
        declaration with long replacement text and many
        references to this entity, aka 'internal entity
        expansion' with linear complexity.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3bc77cc8
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cdc8f74f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3102.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3919.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-0841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2807.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5134.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0338.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0339.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2877.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/829077"
      );
      # https://www.suse.com/support/update/announcement/2013/suse-su-20131627-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?18ac0600"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! ereg(pattern:"^4$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"libxml2-32bit-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"libxml2-devel-32bit-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"libxml2-32bit-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"libxml2-devel-32bit-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"libxml2-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"libxml2-devel-2.6.23-15.39.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"libxml2-python-2.6.23-15.39.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2013-0009.NASL
    descriptiona. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues. b. Service Console (COS) update for OpenSSL library The Service Console updates for OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues. c. ESX Userworld and Service Console (COS) update for libxml2 library The ESX Userworld and Service Console libxml2 library is updated to version libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1. to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-0338 to this issue. d. Service Console (COS) update for GnuTLS library The ESX service console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-2116 to this issue. e. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5 which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0268 and CVE-2013-0871 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id69193
    published2013-08-02
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69193
    titleVMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2013-0009. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69193);
      script_version("1.15");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0268", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-2116");
      script_bugtraq_id(57778, 57838, 57986, 58180, 60215, 60268);
      script_xref(name:"VMSA", value:"2013-0009");
    
      script_name(english:"VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. vCenter Server and ESX userworld update for OpenSSL library
    
       The userworld OpenSSL library is updated to version openssl-0.9.8y
       to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2013-0169 and CVE-2013-0166 to these
       issues.
    
    b. Service Console (COS) update for OpenSSL library
    
       The Service Console updates for OpenSSL library is updated to version
       openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2013-0169 and CVE-2013-0166 to these
       issues.
    
    c. ESX Userworld and Service Console (COS) update for libxml2 library 
    
       The ESX Userworld and Service Console libxml2 library is updated to
       version libxml2-2.6.26-2.1.21.el5_9.1 and 
       libxml2-python-2.6.26-2.1.21.el5_9.1. to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2013-0338 to this issue.
    
    d. Service Console (COS) update for GnuTLS library 
    
       The ESX service console GnuTLS RPM is updated to version
       gnutls-1.4.1-10.el5_9.1 to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2013-2116 to this issue.
    
    e. ESX third-party update for Service Console kernel 
    
       The ESX Service Console Operating System (COS) kernel is updated 
       to kernel-2.6.18-348.3.1.el5 which addresses several security
       issues in the COS kernel. 
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2013-0268 and CVE-2013-0871 to these
       issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2014/000230.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2013-07-31");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201310401-SG",
        patch_updates : make_list("ESX400-201404401-SG")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201307401-SG",
        patch_updates : make_list("ESX410-201312401-SG", "ESX410-201404401-SG")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201307402-SG",
        patch_updates : make_list("ESX410-201312403-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.1", patch:"ESX410-201307403-SG")) flag++;
    if (esx_check(ver:"ESX 4.1", patch:"ESX410-201307404-SG")) flag++;
    if (esx_check(ver:"ESX 4.1", patch:"ESX410-201307405-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.0",
        patch         : "ESXi400-201310401-SG",
        patch_updates : make_list("ESXi400-201404401-SG")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.1",
        patch         : "ESXi410-201307401-SG",
        patch_updates : make_list("ESXi410-201312401-SG", "ESXi410-201404401-SG")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-2.38.1311177")) flag++;
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:misc-drivers:5.0.0-2.38.1311177")) flag++;
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:net-bnx2x:1.61.15.v50.1-2vmw.500.2.38.1311177")) flag++;
    
    if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-1.22.1472666")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0581.NASL
    descriptionUpdated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id64945
    published2013-03-01
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64945
    titleRHEL 5 / 6 : libxml2 (RHSA-2013:0581)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0581. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64945);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2013-0338");
      script_bugtraq_id(58180);
      script_xref(name:"RHSA", value:"2013:0581");
    
      script_name(english:"RHEL 5 / 6 : libxml2 (RHSA-2013:0581)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libxml2 packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    The libxml2 library is a development toolbox providing the
    implementation of various XML standards.
    
    A denial of service flaw was found in the way libxml2 performed string
    substitutions when entity values for entity references replacement was
    enabled. A remote attacker could provide a specially crafted XML file
    that, when processed by an application linked against libxml2, would
    lead to excessive CPU consumption. (CVE-2013-0338)
    
    All users of libxml2 are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. The desktop
    must be restarted (log out, then log back in) for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0338"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:0581";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"libxml2-2.6.26-2.1.21.el5_9.1")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"libxml2-debuginfo-2.6.26-2.1.21.el5_9.1")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"libxml2-devel-2.6.26-2.1.21.el5_9.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libxml2-python-2.6.26-2.1.21.el5_9.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"libxml2-python-2.6.26-2.1.21.el5_9.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libxml2-python-2.6.26-2.1.21.el5_9.1")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"libxml2-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libxml2-debuginfo-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libxml2-devel-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-python-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-python-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-python-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-static-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-static-2.7.6-12.el6_4.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-static-2.7.6-12.el6_4.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-8513.NASL
    descriptionlibxml2 has been updated to fix entity expansion problems : - Internal entity expansion within XML was not bounded, leading to simple small XML files being able to cause
    last seen2020-06-05
    modified2013-05-03
    plugin id66301
    published2013-05-03
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66301
    titleSuSE 10 Security Update : libxml2 (ZYPP Patch Number 8513)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66301);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0338", "CVE-2013-0339");
    
      script_name(english:"SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8513)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxml2 has been updated to fix entity expansion problems :
    
      - Internal entity expansion within XML was not bounded,
        leading to simple small XML files being able to cause
        'out of memory' denial of service conditions.
        (CVE-2013-0338)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0338.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0339.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8513.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"libxml2-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"libxml2-devel-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"libxml2-python-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libxml2-32bit-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libxml2-devel-32bit-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"libxml2-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"libxml2-devel-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"libxml2-python-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libxml2-32bit-2.6.23-15.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libxml2-devel-32bit-2.6.23-15.37.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-263.NASL
    descriptionlibxml2 was updated to limit internal entity expansion denial of service problems (IXE) (CVE-2013-0338) (bnc#805233)
    last seen2020-06-05
    modified2014-06-13
    plugin id74946
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74946
    titleopenSUSE Security Update : libxml2 (openSUSE-SU-2013:0552-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBXML2_20130716.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka
    last seen2020-06-01
    modified2020-06-02
    plugin id80690
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80690
    titleOracle Solaris Third-Party Patch Update : libxml2 (cve_2013_0338_denial_of)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201311-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201311-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted document with an application linked against libxml2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70836
    published2013-11-11
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70836
    titleGLSA-201311-06 : libxml2: Multiple vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338) - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207) - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208)
    last seen2020-06-01
    modified2020-06-02
    plugin id72037
    published2014-01-20
    reporterThis script is (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72037
    titleESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)

Redhat

advisories
bugzilla
id912400
titleCVE-2013-0338 libxml2: CPU consumption DoS when performing string substitutions during entities expansion
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibxml2-devel is earlier than 0:2.6.26-2.1.21.el5_9.1
          ovaloval:com.redhat.rhsa:tst:20130581001
        • commentlibxml2-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032009
      • AND
        • commentlibxml2 is earlier than 0:2.6.26-2.1.21.el5_9.1
          ovaloval:com.redhat.rhsa:tst:20130581003
        • commentlibxml2 is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032013
      • AND
        • commentlibxml2-python is earlier than 0:2.6.26-2.1.21.el5_9.1
          ovaloval:com.redhat.rhsa:tst:20130581005
        • commentlibxml2-python is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032011
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentlibxml2-python is earlier than 0:2.7.6-12.el6_4.1
          ovaloval:com.redhat.rhsa:tst:20130581008
        • commentlibxml2-python is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749008
      • AND
        • commentlibxml2 is earlier than 0:2.7.6-12.el6_4.1
          ovaloval:com.redhat.rhsa:tst:20130581010
        • commentlibxml2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749006
      • AND
        • commentlibxml2-devel is earlier than 0:2.7.6-12.el6_4.1
          ovaloval:com.redhat.rhsa:tst:20130581012
        • commentlibxml2-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749004
      • AND
        • commentlibxml2-static is earlier than 0:2.7.6-12.el6_4.1
          ovaloval:com.redhat.rhsa:tst:20130581014
        • commentlibxml2-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749002
rhsa
idRHSA-2013:0581
released2013-02-28
severityModerate
titleRHSA-2013:0581: libxml2 security update (Moderate)
rpms
  • libxml2-0:2.6.26-2.1.21.el5_9.1
  • libxml2-0:2.7.6-12.el6_4.1
  • libxml2-debuginfo-0:2.6.26-2.1.21.el5_9.1
  • libxml2-debuginfo-0:2.7.6-12.el6_4.1
  • libxml2-devel-0:2.6.26-2.1.21.el5_9.1
  • libxml2-devel-0:2.7.6-12.el6_4.1
  • libxml2-python-0:2.6.26-2.1.21.el5_9.1
  • libxml2-python-0:2.7.6-12.el6_4.1
  • libxml2-static-0:2.7.6-12.el6_4.1