[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-cvs
Subject: [Openvas-commits] r16509 - in trunk/openvas-plugins: . scripts/2013
From: scm-commit () wald ! intevation ! org
Date: 2013-05-30 14:12:54
Message-ID: 20130530141256.9A6AF9A19083 () wald ! intevation ! org
[Download RAW message or body]
Author: antu123
Date: 2013-05-30 16:12:53 +0200 (Thu, 30 May 2013)
New Revision: 16509
Added:
trunk/openvas-plugins/scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1822_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1823_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1824_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1825_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1826_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1827_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1828_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1829_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1830_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1831_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1833_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1834_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1835_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1836_1.nasl
trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1837_1.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new auto generated plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2013-05-30 13:58:21 UTC (rev 16508)
+++ trunk/openvas-plugins/ChangeLog 2013-05-30 14:12:53 UTC (rev 16509)
@@ -1,3 +1,32 @@
+2013-05-30 Antu Sanadi <santu@secpod.com>
+
+ * scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl,
+ scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl,
+ scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl,
+ scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl,
+ scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl,
+ scripts/2013/gb_ubuntu_USN_1822_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1823_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1824_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1825_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1826_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1827_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1828_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1829_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1830_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1831_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1833_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1834_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1835_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1836_1.nasl,
+ scripts/2013/gb_ubuntu_USN_1837_1.nasl:
+ Added new auto generated plugins.
+
2013-05-30 Michael Meyer <michael.meyer@greenbone.net>
* cripts/2013/gb_VMSA-2013-0004.nasl:
Added: trunk/openvas-plugins/scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,186 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# CentOS Update for kernel CESA-2013:0847 centos5
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ The kernel packages contain the Linux kernel, the core of any Linux
+ operating system.
+
+ This update fixes the following security issue:
+
+ * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled
+ interrupt remapping entries. By default, a single interrupt remapping
+ table is used, and old interrupt remapping entries are not cleared,
+ potentially allowing a privileged guest user in a guest that has a
+ passed-through, bus-mastering capable PCI device to inject interrupt
+ entries into others guests, including the privileged management domain
+ (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate)
+
+ Red Hat would like to thank the Xen project for reporting the CVE-2013-0153
+ issue.
+
+ This update also fixes the following bugs:
+
+ * When a process is opening a file over NFSv4, sometimes an OPEN call can
+ succeed while the following GETATTR operation fails with an NFS4ERR_DELAY
+ error. The NFSv4 code did not handle such a situation correctly and allowed
+ an NFSv4 client to attempt to use the buffer that should contain the
+ GETATTR information. However, the buffer did not contain the valid GETATTR
+ information, which caused the client to return a "-ENOTDIR" error.
+ Consequently, the process failed to open the requested file. This update
+ backports a patch that adds a test condition verifying validity of the
+ GETATTR information. If the GETATTR information is invalid, it is obtained
+ later and the process opens the requested file as expected. (BZ#947736)
+
+ * Previously, the xdr routines in NFS version 2 and 3 conditionally updated
+ the res->count variable. Read retry attempts after a short NFS read() call
+ could fail to update the res->count variable, resulting in truncated read
+ data being returned. With this update, the res->count variable is updated
+ unconditionally so this bug can no longer occur. (BZ#952098)
+
+ * When handling requests from Intelligent Platform Management Interface
+ (IPMI) clients, the IPMI driver previously used two different locks for an
+ IPMI request. If two IPMI clients sent their requests at the same time,
+ each request could receive one of the locks and then wait for the second
+ lock to become available. This resulted in a deadlock situation and the
+ system became unresponsive. The problem could occur more likely in
+ environments with many IPMI clients. This update modifies the IPMI driver
+ to handle the received messages using tasklets so the driver now uses a
+ safe locking technique when handling IPMI requests and the mentioned
+ deadlock can no longer occur. (BZ#953435)
+
+ * In ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ kernel on CentOS 5
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(881737);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-23 09:54:54 +0530 (Thu, 23 May \
2013)"); + script_cve_id("CVE-2013-0153");
+ script_tag(name:"cvss_base", value:"4.7");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:N/I:N/A:C");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("CentOS Update for kernel CESA-2013:0847 centos5 ");
+
+ script_description(desc);
+ script_xref(name: "CESA", value: "2013:0847");
+ script_xref(name: "URL" , value: \
"http://lists.centos.org/pipermail/centos-announce/2013-May/019735.html"); + \
script_summary("Check for the Version of kernel"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("CentOS Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:centos:centos", "login/SSH/success", \
"ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "CentOS5")
+{
+
+ if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-debug-devel", \
rpm:"kernel-debug-devel~2.6.18~348.6.1.el5", rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-headers", \
rpm:"kernel-headers~2.6.18~348.6.1.el5", rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-PAE-devel", \
rpm:"kernel-PAE-devel~2.6.18~348.6.1.el5", rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~348.6.1.el5", \
rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isrpmvuln(pkg:"kernel-xen-devel", \
rpm:"kernel-xen-devel~2.6.18~348.6.1.el5", rls:"CentOS5")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_CESA-2013_0847_kernel_centos5.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for curl FEDORA-2013-7797
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ curl is a command line tool for transferring data with URL syntax, supporting
+ FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+ SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
+ uploading, HTTP form based upload, proxies, cookies, user+password
+ authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
+ resume, proxy tunneling and a busload of other useful tricks.
+
+
+ Affected Software/OS:
+ curl on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865641);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:38 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1944");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Fedora Update for curl FEDORA-2013-7797");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-7797");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html"); + \
script_summary("Check for the Version of curl"); + script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"curl", rpm:"curl~7.24.0~9.fc17", rls:"FC17")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
\ No newline at end of file
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7797_curl_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for nginx FEDORA-2013-8182
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
+ IMAP protocols, with a strong focus on high concurrency, performance and low
+ memory usage.
+
+
+ Affected Software/OS:
+ nginx on Fedora 18
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865640);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:35 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-2070", "CVE-2013-2028");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Fedora Update for nginx FEDORA-2013-8182");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8182");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html"); + \
script_summary("Check for the Version of nginx"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC18")
+{
+
+ if ((res = isrpmvuln(pkg:"nginx", rpm:"nginx~1.2.9~1.fc18", rls:"FC18")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8182_nginx_fc18.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for python-virtualenv FEDORA-2013-8193
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ virtualenv is a tool to create isolated Python environments. virtualenv
+ is a successor to workingenv, and an extension of virtual-python. It is
+ written by Ian Bicking, and sponsored by the Open Planning Project. It is
+ licensed under an MIT-style permissive license.
+
+
+ Affected Software/OS:
+ python-virtualenv on Fedora 18
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865637);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:03 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1888");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Fedora Update for python-virtualenv FEDORA-2013-8193");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8193");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html"); + \
script_summary("Check for the Version of python-virtualenv"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC18")
+{
+
+ if ((res = isrpmvuln(pkg:"python-virtualenv", \
rpm:"python-virtualenv~1.9.1~1.fc18", rls:"FC18")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8193_python-virtualenv_fc18.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for krb5 FEDORA-2013-8219
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Kerberos V5 is a trusted-third-party network authentication system,
+ which can improve your network's security by eliminating the insecure
+ practice of sending passwords over the network in unencrypted form.
+
+
+ Affected Software/OS:
+ krb5 on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865642);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:43 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2002-2443", "CVE-2013-1416", "CVE-2012-1016", \
"CVE-2013-1415", + "CVE-2012-1014", "CVE-2012-1015", \
"CVE-2012-1012"); + script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Fedora Update for krb5 FEDORA-2013-8219");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8219");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html"); + \
script_summary("Check for the Version of krb5"); + script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"krb5", rpm:"krb5~1.10.2~12.fc17", rls:"FC17")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8219_krb5_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for python-virtualenv FEDORA-2013-8221
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ virtualenv is a tool to create isolated Python environments. virtualenv
+ is a successor to workingenv, and an extension of virtual-python. It is
+ written by Ian Bicking, and sponsored by the Open Planning Project. It is
+ licensed under an MIT-style permissive license.
+
+
+ Affected Software/OS:
+ python-virtualenv on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865636);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:00 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1888");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Fedora Update for python-virtualenv FEDORA-2013-8221");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8221");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html"); + \
script_summary("Check for the Version of python-virtualenv"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"python-virtualenv", \
rpm:"python-virtualenv~1.9.1~1.fc17", rls:"FC17")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8221_python-virtualenv_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for firefox FEDORA-2013-8398
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ Mozilla Firefox is an open-source web browser, designed for standards
+ compliance, performance and portability.
+
+
+ Affected Software/OS:
+ firefox on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865644);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:53:13 +0530 (Mon, 27 May \
2013)"); + script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Fedora Update for firefox FEDORA-2013-8398");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8398");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106598.html"); + \
script_summary("Check for the Version of firefox"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"firefox", rpm:"firefox~21.0~3.fc17", rls:"FC17")) != \
NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_firefox_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for xulrunner FEDORA-2013-8398
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM
+ applications that are as rich as Firefox and Thunderbird. It provides mechanisms
+ for installing, upgrading, and uninstalling these applications. XULRunner also
+ provides libxul, a solution which allows the embedding of Mozilla technologies
+ in other projects and products.
+
+
+ Affected Software/OS:
+ xulrunner on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865639);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:35 +0530 (Mon, 27 May \
2013)"); + script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Fedora Update for xulrunner FEDORA-2013-8398");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8398");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106597.html"); + \
script_summary("Check for the Version of xulrunner"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"xulrunner", rpm:"xulrunner~21.0~3.fc17", rls:"FC17")) != \
NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8398_xulrunner_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for xen FEDORA-2013-8571
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ This package contains the XenD daemon and xm command line
+ tools, needed to manage virtual machines running under the
+ Xen hypervisor
+
+
+ Affected Software/OS:
+ xen on Fedora 17
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865643);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:58 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-2072", "CVE-2013-1918", "CVE-2013-1952", \
"CVE-2013-1919", + "CVE-2013-1917", "CVE-2013-1964", "CVE-2013-1920", \
"CVE-2013-0153", + "CVE-2013-0215", "CVE-2012-6075", "CVE-2012-5634", \
"CVE-2012-5510", + "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", \
"CVE-2012-5514", + "CVE-2012-5515", "CVE-2012-4535", "CVE-2012-4536", \
"CVE-2012-4537", + "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", \
"CVE-2012-4411", + "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", \
"CVE-2012-3498", + "CVE-2012-3515", "CVE-2012-3433", "CVE-2012-3432", \
"CVE-2012-0217", + "CVE-2012-0218", "CVE-2012-2934", \
"CVE-2012-2625"); + script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Fedora Update for xen FEDORA-2013-8571");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8571");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html"); + \
script_summary("Check for the Version of xen"); + script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC17")
+{
+
+ if ((res = isrpmvuln(pkg:"xen", rpm:"xen~4.1.5~4.fc17", rls:"FC17")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8571_xen_fc17.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl 2013-05-30 \
14:12:53 UTC (rev 16509) @@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for xen FEDORA-2013-8590
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+ This package contains the XenD daemon and xm command line
+ tools, needed to manage virtual machines running under the
+ Xen hypervisor
+
+
+ Affected Software/OS:
+ xen on Fedora 18
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(865638);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:51:05 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-2072", "CVE-2013-1918", "CVE-2013-1952", \
"CVE-2013-1922", + "CVE-2013-1919", "CVE-2013-1917", "CVE-2013-1920", \
"CVE-2013-0153", + "CVE-2013-0215", "CVE-2013-0151", "CVE-2013-0152", \
"CVE-2012-6075", + "CVE-2012-5634", \
"CVE-2013-0154"); + script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Fedora Update for xen FEDORA-2013-8590");
+
+ script_description(desc);
+ script_xref(name: "FEDORA", value: "2013-8590");
+ script_xref(name: "URL" , value: \
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html"); + \
script_summary("Check for the Version of xen"); + script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("HostDetails/OS/cpe:/o:fedoraproject:fedora", \
"login/SSH/success", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC18")
+{
+
+ if ((res = isrpmvuln(pkg:"xen", rpm:"xen~4.2.2~5.fc18", rls:"FC18")) != NULL)
+ {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_fedora_2013_8590_xen_fc18.nasl \
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1822_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1822_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1822_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,145 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for firefox USN-1822-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Multiple memory safety issues were discovered in Firefox. If the user were
+ tricked into opening a specially crafted page, an attacker could possibly
+ exploit these to cause a denial of service via application crash, or
+ potentially execute code with the privileges of the user invoking Firefox.
+ (CVE-2013-0801, CVE-2013-1669)
+
+ Cody Crews discovered that some constructors could be used to bypass
+ restrictions enforced by their Chrome Object Wrapper (COW). An attacker
+ could exploit this to conduct cross-site scripting (XSS) attacks.
+ (CVE-2013-1670)
+
+ It was discovered that the file input element could expose the full local
+ path under certain conditions. An attacker could potentially exploit this
+ to steal sensitive information. (CVE-2013-1671)
+
+ A use-after-free was discovered when resizing video content whilst it is
+ playing. An attacker could potentially exploit this to execute code with
+ the privileges of the user invoking Firefox. (CVE-2013-1674)
+
+ It was discovered that some DOMSVGZoomEvent functions could be used
+ without being properly initialized, which could lead to information
+ leakage. (CVE-2013-1675)
+
+ Abhishek Arya discovered multiple memory safety issues in Firefox. If
+ the user were tricked into opening a specially crafted page, an attacker
+ could possibly exploit these to cause a denial of service via application
+ crash, or potentially execute code with the privileges of the user
+ invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
+ CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
+
+ Affected Software/OS:
+ firefox on Ubuntu 13.04 ,
+ Ubuntu 12.10 ,
+ Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841427);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:54:38 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1670", \
"CVE-2013-1671", + "CVE-2013-1674", "CVE-2013-1675", "CVE-2013-1676", \
"CVE-2013-1677", + "CVE-2013-1678", "CVE-2013-1679", "CVE-2013-1680", \
"CVE-2013-1681"); + script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Ubuntu Update for firefox USN-1822-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1822-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002108.html"); + \
script_summary("Check for the Version of firefox"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"21.0+build2-0ubuntu0.12.04.3", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU12.10")
+{
+ ## Changed version from 21.0+build2-0ubuntu0.12.10.2 to 21.0+build2-0ubuntu0.12.10
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"21.0+build2-0ubuntu0.12.10", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU13.04")
+{
+ ## Changed version from 21.0+build2-0ubuntu0.13.04.2 to 21.0+build2-0ubuntu0.13.04
+ if ((res = isdpkgvuln(pkg:"firefox", ver:"21.0+build2-0ubuntu0.13.04", \
rls:"UBUNTU13.04")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1822_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1823_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1823_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1823_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,143 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for thunderbird USN-1823-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Multiple memory safety issues were discovered in Thunderbird. If the user
+ were tricked into opening a specially crafted message with scripting
+ enabled, an attacker could possibly exploit these to cause a denial of
+ service via application crash, or potentially execute code with the
+ privileges of the user invoking Thunderbird. (CVE-2013-0801,
+ CVE-2013-1669)
+
+ Cody Crews discovered that some constructors could be used to bypass
+ restrictions enforced by their Chrome Object Wrapper (COW). If a user had
+ scripting enabled, an attacker could exploit this to conduct cross-site
+ scripting (XSS) attacks. (CVE-2013-1670)
+
+ A use-after-free was discovered when resizing video content whilst it is
+ playing. If a user had scripting enabled, an attacker could potentially
+ exploit this to execute code with the privileges of the user invoking
+ Thunderbird. (CVE-2013-1674)
+
+ It was discovered that some DOMSVGZoomEvent functions could be used
+ without being properly initialized, which could lead to information
+ leakage. (CVE-2013-1675)
+
+ Abhishek Arya discovered multiple memory safety issues in Thunderbird. If
+ the user were tricked into opening a specially crafted message, an
+ attacker could possibly exploit these to cause a denial of service via
+ application crash, or potentially execute code with the privileges of
+ the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677,
+ CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
+
+ Affected Software/OS:
+ thunderbird on Ubuntu 13.04 ,
+ Ubuntu 12.10 ,
+ Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841428);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:55:07 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1670", \
"CVE-2013-1674", + "CVE-2013-1675", "CVE-2013-1676", "CVE-2013-1677", \
"CVE-2013-1678", + "CVE-2013-1679", "CVE-2013-1680", "CVE-2013-1681");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Ubuntu Update for thunderbird USN-1823-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1823-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002109.html"); + \
script_summary("Check for the Version of thunderbird"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"thunderbird", ver:"17.0.6+build1-0ubuntu0.12.04.1", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"thunderbird", ver:"17.0.6+build1-0ubuntu0.12.10.1", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU13.04")
+{
+ ## Changed version to 17.0.6+build1-0ubuntu0.13.0 instead of \
17.0.6+build1-0ubuntu0.13.04.1 + if ((res = isdpkgvuln(pkg:"thunderbird", \
ver:"17.0.6+build1-0ubuntu0.13.0", rls:"UBUNTU13.04")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1823_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1824_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1824_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1824_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,183 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1824-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Mathias Krause discovered an information leak in the Linux kernel's ISO
+ 9660 CDROM file system driver. A local user could exploit this flaw to
+ examine some of the kernel's heap memory. (CVE-2012-6549)
+
+ Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local
+ attacker with NET_ADMIN capability could potentially exploit this flaw to
+ escalate privileges. (CVE-2013-1826)
+
+ A buffer overflow was discovered in the Linux Kernel's USB subsystem for
+ devices reporting the cdc-wdm class. A specially crafted USB device when
+ plugged-in could cause a denial of service (system crash) or possibly
+ execute arbitrary code. (CVE-2013-1860)
+
+ An information leak was discovered in the Linux kernel's /dev/dvb device. A
+ local user could exploit this flaw to obtain sensitive information from the
+ kernel's stack memory. (CVE-2013-1928)
+
+ An information leak in the Linux kernel's dcb netlink interface was
+ discovered. A local user could obtain sensitive information by examining
+ kernel stack memory. (CVE-2013-2634)
+
+ Affected Software/OS:
+ linux on Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841430);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:55:56 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2012-6549", "CVE-2013-1826", "CVE-2013-1860", \
"CVE-2013-1928", + "CVE-2013-2634");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1824-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1824-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002110.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-386", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-generic", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-generic-pae", \
ver:"2.6.32-47.109", rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-ia64", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-lpia", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-powerpc", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-powerpc-smp", \
ver:"2.6.32-47.109", rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-powerpc64-smp", \
ver:"2.6.32-47.109", rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-preempt", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-server", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-sparc64", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-sparc64-smp", \
ver:"2.6.32-47.109", rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-versatile", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-47-virtual", ver:"2.6.32-47.109", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1824_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1825_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1825_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1825_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,122 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1825-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An flaw was discovered in the Linux kernel's perf_events interface. A local
+ user could exploit this flaw to escalate privileges on the system.
+
+ Affected Software/OS:
+ linux on Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841423);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:54:30 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2094");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1825-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1825-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002111.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-generic", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-generic-pae", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-highbank", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-omap", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-powerpc-smp", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-powerpc64-smp", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-43-virtual", ver:"3.2.0-43.68", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1825_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1826_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1826_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1826_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1826-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An flaw was discovered in the Linux kernel's perf_events interface. A local
+ user could exploit this flaw to escalate privileges on the system.
+
+ Affected Software/OS:
+ linux on Ubuntu 12.10
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841424);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:54:33 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2094");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1826-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1826-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002112.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-generic", ver:"3.5.0-30.51", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-highbank", ver:"3.5.0-30.51", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-omap", ver:"3.5.0-30.51", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-powerpc-smp", ver:"3.5.0-30.51", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-powerpc64-smp", ver:"3.5.0-30.51", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1826_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1827_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1827_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1827_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1827-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An flaw was discovered in the Linux kernel's perf_events interface. A local
+ user could exploit this flaw to escalate privileges on the system.
+
+ Affected Software/OS:
+ linux on Ubuntu 13.04
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841432);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:56:18 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2094");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1827-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1827-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002113.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU13.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.8.0-21-generic", ver:"3.8.0-21.32", \
rls:"UBUNTU13.04")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1827_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1828_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1828_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1828_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-lts-quantal USN-1828-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An flaw was discovered in the Linux kernel's perf_events interface. A local
+ user could exploit this flaw to escalate privileges on the system.
+
+ Affected Software/OS:
+ linux-lts-quantal on Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841425);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:54:35 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2094");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux-lts-quantal USN-1828-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1828-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002114.html"); + \
script_summary("Check for the Version of linux-lts-quantal"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-30-generic", \
ver:"3.5.0-30.51~precise1", rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1828_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1829_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1829_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1829_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-ec2 USN-1829-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Mathias Krause discovered an information leak in the Linux kernel's ISO
+ 9660 CDROM file system driver. A local user could exploit this flaw to
+ examine some of the kernel's heap memory. (CVE-2012-6549)
+
+ Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local
+ attacker with NET_ADMIN capability could potentially exploit this flaw to
+ escalate privileges. (CVE-2013-1826)
+
+ A buffer overflow was discovered in the Linux Kernel's USB subsystem for
+ devices reporting the cdc-wdm class. A specially crafted USB device when
+ plugged-in could cause a denial of service (system crash) or possibly
+ execute arbitrary code. (CVE-2013-1860)
+
+ An information leak was discovered in the Linux kernel's /dev/dvb device. A
+ local user could exploit this flaw to obtain sensitive information from the
+ kernel's stack memory. (CVE-2013-1928)
+
+ An information leak in the Linux kernel's dcb netlink interface was
+ discovered. A local user could obtain sensitive information by examining
+ kernel stack memory. (CVE-2013-2634)
+
+ Affected Software/OS:
+ linux-ec2 on Ubuntu 10.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841429);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:55:36 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2012-6549", "CVE-2013-1826", "CVE-2013-1860", \
"CVE-2013-1928", + "CVE-2013-2634");
+ script_tag(name:"cvss_base", value:"6.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux-ec2 USN-1829-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1829-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002115.html"); + \
script_summary("Check for the Version of linux-ec2"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU10.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-352-ec2", ver:"2.6.32-352.65", \
rls:"UBUNTU10.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1829_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1830_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1830_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1830_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,118 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for keystone USN-1830-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Sam Stoelinga discovered that Keystone would not immediately invalidate
+ tokens when deleting users via the v2 API. A deleted user would be able to
+ continue to use resources until the token lifetime expired.
+
+ Affected Software/OS:
+ keystone on Ubuntu 13.04 ,
+ Ubuntu 12.10 ,
+ Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841431);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:56:16 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2059");
+ script_tag(name:"cvss_base", value:"4.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Ubuntu Update for keystone USN-1830-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1830-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002116.html"); + \
script_summary("Check for the Version of keystone"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+## Added check for Ubuntu 12.04
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-keystone", \
ver:"2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1", rls:"UBUNTU12.04 LTS")) != NULL) \
+ { + security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+## Added check for Ubuntu 12.10
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-keystone", \
ver:"2012.2.3+stable-20130206-82c87e56-0ubuntu2.1", rls:"UBUNTU12.10")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU13.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-keystone", ver:"1:2013.1-0ubuntu1.1", \
rls:"UBUNTU13.04")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1830_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1831_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1831_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1831_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,119 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for nova USN-1831-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Loganathan Parthipan discovered that Nova did not verify the size of QCOW2
+ instance storage. An authenticated attacker could exploit this to cause a
+ denial of service by creating an image with a large virtual size with
+ little data, then filling the virtual disk.
+
+ Affected Software/OS:
+ nova on Ubuntu 13.04 ,
+ Ubuntu 12.10 ,
+ Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841426);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-17 09:54:37 +0530 (Fri, 17 May \
2013)"); + script_cve_id("CVE-2013-2096");
+ script_tag(name:"cvss_base", value:"4.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Ubuntu Update for nova USN-1831-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1831-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002117.html"); + \
script_summary("Check for the Version of nova"); + script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+ script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+## Added check for ubuntu 12.04
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-nova", \
ver:"2012.1.3+stable-20130423-e52e6912-0ubuntu1.1", rls:"UBUNTU12.04 LTS")) != NULL) \
+ { + security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-nova", ver:"2012.2.3-0ubuntu2.1", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
+
+
+if(release == "UBUNTU13.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"python-nova", ver:"1:2013.1-0ubuntu2.1", \
rls:"UBUNTU13.04")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1831_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1833_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1833_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1833_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,132 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1833-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ Andy Lutomirski discover an error in the Linux kernel's credential handling
+ on unix sockets. A local user could exploit this flaw to gain
+ administrative privileges. (CVE-2013-1979)
+
+ A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet
+ driver for the Linux kernel. A local user could exploit this flaw to cause
+ a denial of service (crash the system) or potentially escalate privileges
+ on the system. (CVE-2013-1929)
+
+ A flaw was discovered in the Linux kernel's ftrace subsystem interface. A
+ local user could exploit this flaw to cause a denial of service (system
+ crash). (CVE-2013-3301)
+
+ Affected Software/OS:
+ linux on Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841435);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:54:47 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1979", "CVE-2013-1929", "CVE-2013-3301");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1833-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1833-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002119.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-generic", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-generic-pae", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-highbank", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-omap", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-powerpc-smp", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-powerpc64-smp", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.2.0-44-virtual", ver:"3.2.0-44.69", \
rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1833_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1834_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1834_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1834_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-lts-quantal USN-1834-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet
+ driver for the Linux kernel. A local user could exploit this flaw to cause
+ a denial of service (crash the system) or potentially escalate privileges
+ on the system. (CVE-2013-1929)
+
+ A flaw was discovered in the Linux kernel's ftrace subsystem interface. A
+ local user could exploit this flaw to cause a denial of service (system
+ crash). (CVE-2013-3301)
+
+ Affected Software/OS:
+ linux-lts-quantal on Ubuntu 12.04 LTS
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841438);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:55:47 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1929", "CVE-2013-3301");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux-lts-quantal USN-1834-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1834-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002120.html"); + \
script_summary("Check for the Version of linux-lts-quantal"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.04 LTS")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-generic", \
ver:"3.5.0-31.52~precise1", rls:"UBUNTU12.04 LTS")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1834_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1835_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1835_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1835_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,116 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1835-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet
+ driver for the Linux kernel. A local user could exploit this flaw to cause
+ a denial of service (crash the system) or potentially escalate privileges
+ on the system. (CVE-2013-1929)
+
+ A flaw was discovered in the Linux kernel's ftrace subsystem interface. A
+ local user could exploit this flaw to cause a denial of service (system
+ crash). (CVE-2013-3301)
+
+ Affected Software/OS:
+ linux on Ubuntu 12.10
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841434);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:54:38 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-1929", "CVE-2013-3301");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux USN-1835-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1835-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002121.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-generic", ver:"3.5.0-31.52", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-highbank", ver:"3.5.0-31.52", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-omap", ver:"3.5.0-31.52", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-powerpc-smp", ver:"3.5.0-31.52", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-31-powerpc64-smp", ver:"3.5.0-31.52", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1835_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1836_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1836_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1836_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux-ti-omap4 USN-1836-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An flaw was discovered in the Linux kernel's perf_events interface. A local
+ user could exploit this flaw to escalate privileges on the system.
+ (CVE-2013-2094)
+
+ A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet
+ driver for the Linux kernel. A local user could exploit this flaw to cause
+ a denial of service (crash the system) or potentially escalate privileges
+ on the system. (CVE-2013-1929)
+
+ A flaw was discovered in the Linux kernel's ftrace subsystem interface. A
+ local user could exploit this flaw to cause a denial of service (system
+ crash). (CVE-2013-3301)
+
+ Affected Software/OS:
+ linux-ti-omap4 on Ubuntu 12.10
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841437);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:55:32 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-2094", "CVE-2013-1929", "CVE-2013-3301");
+ script_tag(name:"cvss_base", value:"7.2");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ubuntu Update for linux-ti-omap4 USN-1836-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1836-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002122.html"); + \
script_summary("Check for the Version of linux-ti-omap4"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU12.10")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.5.0-225-omap4", ver:"3.5.0-225.36", \
rls:"UBUNTU12.10")) != NULL) + {
+ security_hole(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1836_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1837_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1837_1.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1837_1.nasl 2013-05-30 14:12:53 \
UTC (rev 16509) @@ -0,0 +1,143 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Ubuntu Update for linux USN-1837-1
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc = "
+
+ Vulnerability Insight:
+
+ An information leak was discovered in the Linux kernel's crypto API. A
+ local user could exploit this flaw to examine potentially sensitive
+ information from the kernel's stack memory. (CVE-2013-3076)
+
+ An information leak was discovered in the Linux kernel's rcvmsg path for
+ ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to
+ examine potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3222)
+
+ An information leak was discovered in the Linux kernel's recvmsg path for
+ ax25 address family. A local user could exploit this flaw to examine
+ potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3223)
+
+ An information leak was discovered in the Linux kernel's recvmsg path for
+ the bluetooth address family. A local user could exploit this flaw to
+ examine potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3224)
+
+ An information leak was discovered in the Linux kernel's bluetooth rfcomm
+ protocol support. A local user could exploit this flaw to examine
+ potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3225)
+
+ An information leak was discovered in the Linux kernel's bluetooth SCO
+ sockets implementation. A local user could exploit this flaw to examine
+ potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3226)
+
+ An information leak was discovered in the Linux kernel's CAIF protocol
+ implementation. A local user could exploit this flaw to examine potentially
+ sensitive information from the kernel's stack memory. (CVE-2013-3227)
+
+ An information leak was discovered in the Linux kernel's IRDA (infrared)
+ support subsystem. A local user could exploit this flaw to examine
+ potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3228)
+
+ An information leak was discovered in the Linux kernel's s390 - z/VM
+ support. A local user could exploit this flaw to examine potentially
+ sensitive information from the kernel's stack memory. (CVE-2013-3229)
+
+ An information leak was discovered in the Linux kernel's l2tp (Layer Two
+ Tunneling Protocol) implementation. A local user could exploit this flaw to
+ examine potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3230)
+
+ An information leak was discovered in the Linux kernel's llc (Logical Link
+ Layer 2) support. A local user could exploit this flaw to examine
+ potentially sensitive information from the kernel's stack memory.
+ (CVE-2013-3231)
+
+ An information leak was discovered in the Linux kernel's nfc (near field
+ ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ linux on Ubuntu 13.04
+
+ Fix: Please Install the Updated Packages.
+ ";
+
+if(description)
+{
+ script_id(841436);
+ script_version("$Revision$");
+ script_tag(name:"check_type", value:"authenticated package test");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-27 11:54:59 +0530 (Mon, 27 May \
2013)"); + script_cve_id("CVE-2013-3076", "CVE-2013-3222", "CVE-2013-3223", \
"CVE-2013-3224", + "CVE-2013-3225", "CVE-2013-3226", "CVE-2013-3227", \
"CVE-2013-3228", + "CVE-2013-3229", "CVE-2013-3230", "CVE-2013-3231", \
"CVE-2013-3233", + "CVE-2013-3234", "CVE-2013-3235");
+ script_tag(name:"cvss_base", value:"4.9");
+ script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:N/A:N");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Ubuntu Update for linux USN-1837-1");
+
+ script_description(desc);
+ script_xref(name: "USN", value: "1837-1");
+ script_xref(name: "URL" , value: \
"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-May/002123.html"); + \
script_summary("Check for the Version of linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("Ubuntu Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_mandatory_keys("login/SSH/success", \
"HostDetails/OS/cpe:/o:canonical:ubuntu_linux", "ssh/login/release"); + exit(0);
+}
+
+
+include("pkg-lib-deb.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+res = "";
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "UBUNTU13.04")
+{
+
+ if ((res = isdpkgvuln(pkg:"linux-image-3.8.0-22-generic", ver:"3.8.0-22.33", \
rls:"UBUNTU13.04")) != NULL) + {
+ security_warning(data:res + '\n' + desc);
+ exit(0);
+ }
+
+ if (__pkg_match) exit(99); # Not vulnerable.
+ exit(0);
+}
Property changes on: trunk/openvas-plugins/scripts/2013/gb_ubuntu_USN_1837_1.nasl
___________________________________________________________________
Added: svn:keywords
+ Revision Date Id
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic