9.3 - RHSA-2009:0018

Executive Summary

Summary
Title	xterm security update

Informations
Name	RHSA-2009:0018	First vendor Publication	2009-01-07
Vendor	RedHat	Last vendor Modification	2009-01-07
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated xterm package to correct a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The xterm program is a terminal emulator for the X Window System.

A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window. (CVE-2008-2383)

All xterm users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. All running instances of xterm must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Package List:

Red Hat Enterprise Linux AS version 3:

Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xterm-179-11.EL3.src.rpm

i386: xterm-179-11.EL3.i386.rpm xterm-debuginfo-179-11.EL3.i386.rpm

ia64: xterm-179-11.EL3.ia64.rpm xterm-debuginfo-179-11.EL3.ia64.rpm

ppc: xterm-179-11.EL3.ppc.rpm xterm-debuginfo-179-11.EL3.ppc.rpm

s390: xterm-179-11.EL3.s390.rpm xterm-debuginfo-179-11.EL3.s390.rpm

s390x: xterm-179-11.EL3.s390x.rpm xterm-debuginfo-179-11.EL3.s390x.rpm

x86_64: xterm-179-11.EL3.x86_64.rpm xterm-debuginfo-179-11.EL3.x86_64.rpm

Red Hat Desktop version 3:

Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xterm-179-11.EL3.src.rpm

i386: xterm-179-11.EL3.i386.rpm xterm-debuginfo-179-11.EL3.i386.rpm

x86_64: xterm-179-11.EL3.x86_64.rpm xterm-debuginfo-179-11.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xterm-179-11.EL3.src.rpm

i386: xterm-179-11.EL3.i386.rpm xterm-debuginfo-179-11.EL3.i386.rpm

ia64: xterm-179-11.EL3.ia64.rpm xterm-debuginfo-179-11.EL3.ia64.rpm

x86_64: xterm-179-11.EL3.x86_64.rpm xterm-debuginfo-179-11.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xterm-179-11.EL3.src.rpm

i386: xterm-179-11.EL3.i386.rpm xterm-debuginfo-179-11.EL3.i386.rpm

ia64: xterm-179-11.EL3.ia64.rpm xterm-debuginfo-179-11.EL3.ia64.rpm

x86_64: xterm-179-11.EL3.x86_64.rpm xterm-debuginfo-179-11.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xterm-192-8.el4_7.2.src.rpm

i386: xterm-192-8.el4_7.2.i386.rpm xterm-debuginfo-192-8.el4_7.2.i386.rpm

ia64: xterm-192-8.el4_7.2.ia64.rpm xterm-debuginfo-192-8.el4_7.2.ia64.rpm

ppc: xterm-192-8.el4_7.2.ppc.rpm xterm-debuginfo-192-8.el4_7.2.ppc.rpm

s390: xterm-192-8.el4_7.2.s390.rpm xterm-debuginfo-192-8.el4_7.2.s390.rpm

s390x: xterm-192-8.el4_7.2.s390x.rpm xterm-debuginfo-192-8.el4_7.2.s390x.rpm

x86_64: xterm-192-8.el4_7.2.x86_64.rpm xterm-debuginfo-192-8.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xterm-192-8.el4_7.2.src.rpm

i386: xterm-192-8.el4_7.2.i386.rpm xterm-debuginfo-192-8.el4_7.2.i386.rpm

x86_64: xterm-192-8.el4_7.2.x86_64.rpm xterm-debuginfo-192-8.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xterm-192-8.el4_7.2.src.rpm

i386: xterm-192-8.el4_7.2.i386.rpm xterm-debuginfo-192-8.el4_7.2.i386.rpm

ia64: xterm-192-8.el4_7.2.ia64.rpm xterm-debuginfo-192-8.el4_7.2.ia64.rpm

x86_64: xterm-192-8.el4_7.2.x86_64.rpm xterm-debuginfo-192-8.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xterm-192-8.el4_7.2.src.rpm

i386: xterm-192-8.el4_7.2.i386.rpm xterm-debuginfo-192-8.el4_7.2.i386.rpm

ia64: xterm-192-8.el4_7.2.ia64.rpm xterm-debuginfo-192-8.el4_7.2.ia64.rpm

x86_64: xterm-192-8.el4_7.2.x86_64.rpm xterm-debuginfo-192-8.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xterm-215-5.el5_2.2.src.rpm

i386: xterm-215-5.el5_2.2.i386.rpm xterm-debuginfo-215-5.el5_2.2.i386.rpm

x86_64: xterm-215-5.el5_2.2.x86_64.rpm xterm-debuginfo-215-5.el5_2.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xterm-215-5.el5_2.2.src.rpm

i386: xterm-215-5.el5_2.2.i386.rpm xterm-debuginfo-215-5.el5_2.2.i386.rpm

ia64: xterm-215-5.el5_2.2.ia64.rpm xterm-debuginfo-215-5.el5_2.2.ia64.rpm

ppc: xterm-215-5.el5_2.2.ppc.rpm xterm-debuginfo-215-5.el5_2.2.ppc.rpm

s390x: xterm-215-5.el5_2.2.s390x.rpm xterm-debuginfo-215-5.el5_2.2.s390x.rpm

x86_64: xterm-215-5.el5_2.2.x86_64.rpm xterm-debuginfo-215-5.el5_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-0018.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13513

Oval ID:	oval:org.mitre.oval:def:13513
Title:	USN-703-1 -- xterm vulnerability
Description:	Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges
Family:	unix	Class:	patch
Reference(s):	USN-703-1 CVE-2006-7236 CVE-2008-2382 CVE-2008-2383	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	xterm
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND xterm DPKG is earlier than 229-1ubuntu0.1 OR Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND xterm DPKG is earlier than 229-1ubuntu1.1 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND xterm DPKG is earlier than 208-3.1ubuntu3.1 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND xterm DPKG is earlier than 235-1ubuntu1.1

Definition Id: oval:org.mitre.oval:def:13620

Oval ID:	oval:org.mitre.oval:def:13620
Title:	DSA-1694-2 xterm -- design flaw
Description:	The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences. For the stable distribution, this problem has been fixed in version 222-1etch4. For the testing distribution, this problem has been fixed in version 235-2. For the unstable distribution, this problem has been fixed in version 238-2. We recommend that you upgrade your xterm package.
Family:	unix	Class:	patch
Reference(s):	DSA-1694-2 CVE-2008-2383	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xterm
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND xterm DPKG is earlier than 222-1etch4

Definition Id: oval:org.mitre.oval:def:13638

Oval ID:	oval:org.mitre.oval:def:13638
Title:	DSA-1694-1 xterm -- design flaw
Description:	Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences. As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences. For the stable distribution, this problem has been fixed in version 222-1etch3. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your xterm package.
Family:	unix	Class:	patch
Reference(s):	DSA-1694-1 CVE-2008-2383	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xterm
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND xterm DPKG is earlier than 222-1etch3

Definition Id: oval:org.mitre.oval:def:22551

Oval ID:	oval:org.mitre.oval:def:22551
Title:	ELSA-2009:0018: xterm security update (Important)
Description:	CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0018-01 CVE-2008-2383	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	xterm
Definition Synopsis:
Oracle Linux 5.x AND xterm is earlier than 0:215-5.el5_2.2

Definition Id: oval:org.mitre.oval:def:29143

Oval ID:	oval:org.mitre.oval:def:29143
Title:	RHSA-2009:0018 -- xterm security update (Important)
Description:	An updated xterm package to correct a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window. (CVE-2008-2383)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0018 CESA-2009:0018-CentOS 3 CESA-2009:0018-CentOS 5 CVE-2008-2383	Version:	3
Platform(s):	Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 3 CentOS Linux 5	Product(s):	xterm
Definition Synopsis:
Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 AND xterm is earlier than 0:179-11.EL3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 AND xterm is earlier than 0:192-8.el4_7.2 AND Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x AND xterm is earlier than 0:215-5.el5_2.2

Definition Id: oval:org.mitre.oval:def:7900

Oval ID:	oval:org.mitre.oval:def:7900
Title:	DSA-1694 xterm -- design flaw
Description:	Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences.
Family:	unix	Class:	patch
Reference(s):	DSA-1694 CVE-2008-2383	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xterm
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND xterm is earlier than 222-1etch3

Definition Id: oval:org.mitre.oval:def:9317

Oval ID:	oval:org.mitre.oval:def:9317
Title:	CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Description:	CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2383	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND xterm is earlier than 0:179-11.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND xterm is earlier than 0:192-8.el4_7.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND xterm is earlier than 0:215-5.el5_2.2

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for hanterm-xf CESA-2009:0019-01 centos2 i386 File : nvt/gb_CESA-2009_0019-01_hanterm-xf_centos2_i386.nasl
2011-08-09	Name : CentOS Update for xterm CESA-2009:0018 centos3 i386 File : nvt/gb_CESA-2009_0018_xterm_centos3_i386.nasl
2011-08-09	Name : CentOS Update for xterm-192-8.el4 CESA-2009:0018 centos4 i386 File : nvt/gb_CESA-2009_0018_xterm-192-8.el4__centos4_i386.nasl
2011-08-09	Name : CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386 File : nvt/gb_CESA-2009_0018_xterm-215-5.el5__centos5_i386.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for xterm File : nvt/sles10_xterm.nasl
2009-10-10	Name : SLES9: Security update for XFree86 File : nvt/sles9p5041641.nasl
2009-06-05	Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl
2009-06-05	Name : Ubuntu USN-698-3 (nagios2) File : nvt/ubuntu_698_3.nasl
2009-02-13	Name : Gentoo Security Advisory GLSA 200902-04 (xterm) File : nvt/glsa_200902_04.nasl
2009-02-10	Name : CentOS Security Advisory CESA-2009:0019-01 (hanterm-xf) File : nvt/ovcesa2009_0019_01.nasl
2009-02-02	Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl
2009-01-13	Name : Mandrake Security Advisory MDVSA-2009:005 (xterm) File : nvt/mdksa_2009_005.nasl
2009-01-13	Name : CentOS Security Advisory CESA-2009:0018 (xterm) File : nvt/ovcesa2009_0018.nasl
2009-01-07	Name : FreeBSD Ports: xterm File : nvt/freebsd_xterm.nasl
2009-01-07	Name : Fedora Core 8 FEDORA-2009-0154 (xterm) File : nvt/fcore_2009_0154.nasl
2009-01-07	Name : RedHat Security Advisory RHSA-2009:0018 File : nvt/RHSA_2009_0018.nasl
2009-01-07	Name : Fedora Core 10 FEDORA-2009-0091 (xterm) File : nvt/fcore_2009_0091.nasl
2009-01-07	Name : Fedora Core 9 FEDORA-2009-0059 (xterm) File : nvt/fcore_2009_0059.nasl
2009-01-07	Name : Debian Security Advisory DSA 1694-2 (xterm) File : nvt/deb_1694_2.nasl
2009-01-07	Name : Debian Security Advisory DSA 1694-1 (xterm) File : nvt/deb_1694_1.nasl
2009-01-07	Name : Ubuntu USN-702-1 (samba) File : nvt/ubuntu_702_1.nasl
2009-01-07	Name : Ubuntu USN-703-1 (xterm) File : nvt/ubuntu_703_1.nasl
2009-01-07	Name : RedHat Security Advisory RHSA-2009:0019 File : nvt/RHSA_2009_0019.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-069-03 xterm File : nvt/esoft_slk_ssa_2009_069_03.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
51142	xterm DECRQSS Escape Sequence LF Character Handling CRLF Injection

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090107_xterm_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xterm-5898.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12344.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_xterm-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_xterm-090108.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-703-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-005.nasl - Type : ACT_GATHER_INFO
2009-03-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-069-03.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200902-04.nasl - Type : ACT_GATHER_INFO
2009-01-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-0154.nasl - Type : ACT_GATHER_INFO
2009-01-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-0059.nasl - Type : ACT_GATHER_INFO
2009-01-14	Name : The remote openSUSE host is missing a security update. File : suse_xterm-5902.nasl - Type : ACT_GATHER_INFO
2009-01-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0019.nasl - Type : ACT_GATHER_INFO
2009-01-08	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2009-01-07	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2009-01-06	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d5e1aac8db0b11ddae30001cc0377035.nasl - Type : ACT_GATHER_INFO
2009-01-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1694.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:52:12	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
osvdb(s)	1
Openvas Exploit(s)	27
Nessus® Exploit(s)	19

	Related
9.3	CVE-2008-2383
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

9.3 - RHSA-2009:0018

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU