Executive Summary
Summary | |
---|---|
Title | Multiple packages, Multiple vulnerabilities fixed in 2012 |
Informations | |||
---|---|---|---|
Name | GLSA-201412-10 | First vendor Publication | 2014-12-11 |
Vendor | Gentoo | Last vendor Modification | 2014-12-11 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2013. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background Description * EGroupware Impact Workaround Resolution All VTE 0.32 users should upgrade to the latest version: All VTE 0.28 users should upgrade to the latest version: All Layer Four Traceroute users should upgrade to the latest version: All Suhosin users should upgrade to the latest version: All Slock users should upgrade to the latest version: All Ganglia users should upgrade to the latest version: All Jabber to GaduGadu Gateway users should upgrade to the latest version: NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues. References Availability http://security.gentoo.org/glsa/glsa-201412-10.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-10.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11 % | CWE-399 | Resource Management Errors |
11 % | CWE-264 | Permissions, Privileges, and Access Controls |
11 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
11 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
11 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13372 | |||
Oval ID: | oval:org.mitre.oval:def:13372 | ||
Title: | USN-962-1 -- vte vulnerability | ||
Description: | Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-962-1 CVE-2010-2713 | Version: | 5 |
Platform(s): | Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10 | Product(s): | vte |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17899 | |||
Oval ID: | oval:org.mitre.oval:def:17899 | ||
Title: | USN-692-1 -- ekg, libgadu vulnerability | ||
Description: | It was discovered that the Gadu library, used by some Instant Messaging clients, did not correctly verify certain packet sizes from the server. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-692-1 CVE-2008-4776 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | ekg libgadu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18513 | |||
Oval ID: | oval:org.mitre.oval:def:18513 | ||
Title: | DSA-1664-1 ekg - denial of service | ||
Description: | It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1664-1 CVE-2008-4776 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ekg |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20076 | |||
Oval ID: | oval:org.mitre.oval:def:20076 | ||
Title: | DSA-2610-1 ganglia - remote code execution | ||
Description: | Insufficient input sanitisation in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2610-1 CVE-2012-3448 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | ganglia |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7621 | |||
Oval ID: | oval:org.mitre.oval:def:7621 | ||
Title: | DSA-1664 ekg -- missing input sanitising | ||
Description: | It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1664 CVE-2008-4776 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ekg |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update) File : nvt/gb_suse_2012_0426_1.nasl |
2012-08-30 | Name : Fedora Update for ImageMagick FEDORA-2012-11746 File : nvt/gb_fedora_2012_11746_ImageMagick_fc16.nasl |
2012-08-30 | Name : Fedora Update for vte FEDORA-2012-9575 File : nvt/gb_fedora_2012_9575_vte_fc17.nasl |
2012-08-13 | Name : Ganglia PHP Code Execution Vulnerability File : nvt/gb_ganglia_54699.nasl |
2012-08-03 | Name : Mandriva Update for php MDVSA-2012:065 (php) File : nvt/gb_mandriva_MDVSA_2012_065.nasl |
2012-07-06 | Name : Fedora Update for vte FEDORA-2012-9546 File : nvt/gb_fedora_2012_9546_vte_fc16.nasl |
2012-06-25 | Name : Fedora Update for ImageMagick FEDORA-2012-9313 File : nvt/gb_fedora_2012_9313_ImageMagick_fc16.nasl |
2011-07-27 | Name : Fedora Update for vte3 FEDORA-2011-9330 File : nvt/gb_fedora_2011_9330_vte3_fc15.nasl |
2011-07-27 | Name : Fedora Update for vte FEDORA-2011-9330 File : nvt/gb_fedora_2011_9330_vte_fc15.nasl |
2010-09-24 | Name : EGroupware multiple vulnerabilities File : nvt/gb_egroupware_mult_vulns_09_10.nasl |
2010-08-30 | Name : Mandriva Update for vte MDVSA-2010:161 (vte) File : nvt/gb_mandriva_MDVSA_2010_161.nasl |
2010-07-22 | Name : FreeBSD Ports: vte File : nvt/freebsd_vte.nasl |
2010-07-16 | Name : Ubuntu Update for vte vulnerability USN-962-1 File : nvt/gb_ubuntu_USN_962_1.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2013-1 (egroupware) File : nvt/deb_2013_1.nasl |
2010-03-16 | Name : FreeBSD Ports: egroupware File : nvt/freebsd_egroupware0.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:208-1 (libgadu) File : nvt/mdksa_2009_208_1.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:208 (libgadu) File : nvt/mdksa_2009_208.nasl |
2009-03-23 | Name : Ubuntu Update for ekg, libgadu vulnerability USN-692-1 File : nvt/gb_ubuntu_USN_692_1.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1664-1 (ekg) File : nvt/deb_1664_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78514 | Suhosin Extension for PHP Transparent Cookie Encryption Remote Overflow |
72537 | Layer Four Traceroute (LFT) Crafted Command Line Unspecified Privilege Escala... |
62805 | eGroupWare spellchecker.php Multiple Parameter Arbitrary Shell Command Execution eGroupWare contains a flaw that may allow a remote attacker to execute arbitrary shell commands. The issue is due to the 'spellchecker.php' script not properly sanitizing user-supplied input to the 'spellchecker_lang' and 'aspell_path' parameters. This may allow an attacker to execute arbitrary shell commands. |
62804 | eGroupWare login.php lang Parameter XSS eGroupWare contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'lang' parameter upon submission to the 'login.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
60458 | VTE / gnome-terminal Window Title Escape Sequence Arbitrary Command Execution |
50042 | libgadu Contact Description Handling Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-10.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kdenetwork4-101119.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-182.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-471.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-472.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_vte-100716.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-135.nasl - Type : ACT_GATHER_INFO |
2013-01-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2610.nasl - Type : ACT_GATHER_INFO |
2012-07-26 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10699.nasl - Type : ACT_GATHER_INFO |
2012-07-26 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10727.nasl - Type : ACT_GATHER_INFO |
2012-07-05 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9546.nasl - Type : ACT_GATHER_INFO |
2012-07-05 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9575.nasl - Type : ACT_GATHER_INFO |
2012-04-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-065.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-120309.nasl - Type : ACT_GATHER_INFO |
2012-04-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php53-120309.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-8009.nasl - Type : ACT_GATHER_INFO |
2011-07-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-9330.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kdenetwork4-101119.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdenetwork3-101119.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kde4-kdnssd-101119.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_vte-100715.nasl - Type : ACT_GATHER_INFO |
2010-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdenetwork3-7245.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kde4-kdnssd-101119.nasl - Type : ACT_GATHER_INFO |
2010-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-161.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_vte-100716.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9a8fecef92c011dfb1400015f2db7bde.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-962-1.nasl - Type : ACT_GATHER_INFO |
2010-03-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2013.nasl - Type : ACT_GATHER_INFO |
2010-03-10 | Name : The remote web server contains a CGI script that can be abused to execute arb... File : egroupware_spellchecker_cmd_exec.nasl - Type : ACT_ATTACK |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-208.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libgadu-081030.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-692-1.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1664.nasl - Type : ACT_GATHER_INFO |
2008-10-31 | Name : The remote openSUSE host is missing a security update. File : suse_libgadu-5717.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-12-16 13:25:43 |
|
2014-12-12 05:26:35 |
|