Vulnerabilities > CVE-2014-5044 - Integer Overflow or Wraparound vulnerability in GNU Libgfortran

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
gnu
CWE-190
critical
nessus
NVD
Published: 2018-03-07
Updated: 2018-03-27

Summary

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0233_GCC.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gcc packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. (CVE-2014-5044) - The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. (CVE-2015-5276) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132504
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132504
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : gcc Multiple Vulnerabilities (NS-SA-2019-0233)
    code
    #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0233. The text
# itself is copyright (C) ZTE, Inc.

include('compat.inc');

if (description)
{
  script_id(132504);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2014-5044", "CVE-2015-5276");
  script_bugtraq_id(68870);

  script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : gcc Multiple Vulnerabilities (NS-SA-2019-0233)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gcc packages installed that are affected by
multiple vulnerabilities:

  - Multiple integer overflows in libgfortran might allow
    remote attackers to execute arbitrary code or cause a
    denial of service (Fortran application crash) via
    vectors related to array allocation. (CVE-2014-5044)

  - The std::random_device class in libstdc++ in the GNU
    Compiler Collection (aka GCC) before 4.9.4 does not
    properly handle short reads from blocking sources, which
    makes it easier for context-dependent attackers to
    predict the random values via unspecified vectors.
    (CVE-2015-5276)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0233");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL gcc packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-5044");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL CORE 5.05" &&
    release !~ "CGSL MAIN 5.05")
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL CORE 5.05": [
    "cpp-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-base-debuginfo-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-c++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-debuginfo-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-gfortran-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-gnat-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-objc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-objc++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-plugin-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libasan-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libasan-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libatomic-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libatomic-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgcc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgfortran-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgfortran-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgomp-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libobjc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-docs-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libtsan-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libtsan-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1"
  ],
  "CGSL MAIN 5.05": [
    "cpp-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-base-debuginfo-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-c++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-debuginfo-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-gfortran-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-gnat-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-objc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-objc++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "gcc-plugin-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libasan-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libasan-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libatomic-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libatomic-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgcc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgfortran-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgfortran-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgnat-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libgomp-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libitm-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libmudflap-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libobjc-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libquadmath-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-devel-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-docs-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libstdc++-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libtsan-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1",
    "libtsan-static-4.8.5-36.el7_6.2.cgslv5_5.0.1.g2b256a1"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gcc");
}
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-170.NASL
    descriptionUpdated gcc packages fix the following security issue : Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code CVE-2014-5044). They also fix the following bugs : The gcc rtl-optimization sched2 miscompiles syscall sequence wich can cause random panic in glibc and kernel (gcc/PR61801) clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build (mga#13543)
    last seen2020-06-01
    modified2020-06-02
    plugin id82446
    published2015-03-31
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82446
    titleMandriva Linux Security Advisory : gcc (MDVSA-2015:170)
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:170. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(82446);
  script_version("1.3");
  script_cvs_date("Date: 2019/08/02 13:32:57");

  script_cve_id("CVE-2014-5044");
  script_xref(name:"MDVSA", value:"2015:170");

  script_name(english:"Mandriva Linux Security Advisory : gcc (MDVSA-2015:170)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated gcc packages fix the following security issue :

Multiple integer overflow issues were found in libgfortran, the
run-time support library for the Fortran compiler. These could
possibly be used to crash a Fortran application or cause it to execute
arbitrary code CVE-2014-5044).

They also fix the following bugs :

The gcc rtl-optimization sched2 miscompiles syscall sequence wich can
cause random panic in glibc and kernel (gcc/PR61801)

clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build
(mga#13543)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0306.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-c++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-cpp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-gfortran");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-gnat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-objc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-objc++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcc-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gcj-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gcj-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gcj-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gcj14");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gcj_bc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libasan-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libasan0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libatomic-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libatomic1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgcc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgcj14-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgcj14-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgfortran3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgnat1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgomp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgomp1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libitm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libitm1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmudflap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmudflap0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libobjc4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libquadmath-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libquadmath0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libstdc++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libstdc++-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libstdc++-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libstdc++6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtsan-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtsan0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-c++-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-cpp-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"gcc-doc-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"gcc-doc-pdf-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-gfortran-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-gnat-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-java-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-objc-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-objc++-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcc-plugins-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"gcj-tools-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64gcj-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64gcj-static-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64gcj14-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64gcj_bc1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libasan-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libasan0-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libatomic-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libatomic1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgcc1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgcj14-base-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgcj14-src-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgfortran3-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgnat1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgomp-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libgomp1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libitm-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libitm1-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libmudflap-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libmudflap0-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libobjc4-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libquadmath-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libquadmath0-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libstdc++-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"libstdc++-docs-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libstdc++-static-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libstdc++6-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libtsan-devel-4.8.2-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libtsan0-4.8.2-5.1.mbs2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References