Executive Summary
Summary | |
---|---|
Title | ESX Service Console updates for openssl, bind, and vim |
Information | |||
---|---|---|---|
Name | VMSA-2009-0004 | First vendor Publication | 2009-03-31 |
Vendor | VMware | Last vendor Modification | 2009-03-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
a. Updated OpenSSL package for the Service Console fixes a security issue.

OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue.

b. Updated bind package for the Service Console fixes a security issue.

A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue.

c. Updated vim package for the Service Console addresses several security issues.

Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue.

A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, causes the application to stop responding or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue.

Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue.

A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2009-0004.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-20 | Improper Input Validation |
20 % | CWE-287 | Improper Authentication |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10879 | |||
Oval ID: | oval:org.mitre.oval:def:10879 | ||
Title: | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||
Description: | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0025 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10894 | |||
Oval ID: | oval:org.mitre.oval:def:10894 | ||
Title: | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | ||
Description: | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4101 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11109 | |||
Oval ID: | oval:org.mitre.oval:def:11109 | ||
Title: | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. | ||
Description: | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2712 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11203 | |||
Oval ID: | oval:org.mitre.oval:def:11203 | ||
Title: | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | ||
Description: | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3432 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11549 | |||
Oval ID: | oval:org.mitre.oval:def:11549 | ||
Title: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Description: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2953 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13365 | |||
Oval ID: | oval:org.mitre.oval:def:13365 | ||
Title: | DSA-1703-1 bind9 -- interpretation conflict | ||
Description: | It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. For the stable distribution, this problem has been fixed in version 1:9.3.4-2etch4. For the unstable distribution and the testing distribution, this problem will be fixed soon. We recommend that you upgrade your BIND packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1703-1 CVE-2009-0025 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | bind9 |
Definition Id: oval:org.mitre.oval:def:13504 | |||
Oval ID: | oval:org.mitre.oval:def:13504 | ||
Title: | DSA-1701-1 openssl, openssl097 -- interpretation conflict | ||
Description: | It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine. For the stable distribution, this problem has been fixed in version 0.9.8c-4etch4 of the openssl package, and version 0.9.7k-3.1etch2 of the openssl097 package. For the unstable distribution, this problem has been fixed in version 0.9.8g-15. The testing distribution will be fixed soon. We recommend that you upgrade your OpenSSL packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1701-1 CVE-2008-5077 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | openssl openssl097 |
Definition Id: oval:org.mitre.oval:def:13925 | |||
Oval ID: | oval:org.mitre.oval:def:13925 | ||
Title: | USN-704-1 -- openssl vulnerability | ||
Description: | It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server, or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-704-1 CVE-2008-5077 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:17506 | |||
Oval ID: | oval:org.mitre.oval:def:17506 | ||
Title: | USN-505-1 -- vim vulnerability | ||
Description: | Ulf Harnhammar discovered that vim does not properly sanitise the "helptags_one()" function when running the "helptags" command. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-505-1 CVE-2007-2953 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | vim |
Definition Id: oval:org.mitre.oval:def:17989 | |||
Oval ID: | oval:org.mitre.oval:def:17989 | ||
Title: | DSA-1364-1 vim | ||
Description: | Several vulnerabilities have been discovered in the vim editor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1364-1 CVE-2007-2438 CVE-2007-2953 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Id: oval:org.mitre.oval:def:20113 | |||
Oval ID: | oval:org.mitre.oval:def:20113 | ||
Title: | DSA-1733-1 vim - multiple vulnerabilities | ||
Description: | Several vulnerabilities have been found in vim, an enhanced vi editor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1733-1 CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4101 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Id: oval:org.mitre.oval:def:20483 | |||
Oval ID: | oval:org.mitre.oval:def:20483 | ||
Title: | DSA-1364-2 vim - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the vim editor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1364-2 CVE-2007-2438 CVE-2007-2953 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Id: oval:org.mitre.oval:def:21048 | |||
Oval ID: | oval:org.mitre.oval:def:21048 | ||
Title: | Multiple vulnerabilities in AIX BIND | ||
Description: | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0025 | Version: | 6 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:21759 | |||
Oval ID: | oval:org.mitre.oval:def:21759 | ||
Title: | ELSA-2009:0004: openssl security update (Important) | ||
Description: | OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0004-01 CVE-2008-5077 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openssl openssl095a openssl096 openssl096b openssl097a |
Definition Id: oval:org.mitre.oval:def:22671 | |||
Oval ID: | oval:org.mitre.oval:def:22671 | ||
Title: | ELSA-2009:0020: bind security update (Moderate) | ||
Description: | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0020-01 CVE-2009-0025 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | bind |
Definition Id: oval:org.mitre.oval:def:28712 | |||
Oval ID: | oval:org.mitre.oval:def:28712 | ||
Title: | RHSA-2009:0004 -- openssl security update (Important) | ||
Description: | Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a man in the middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. (CVE-2008-5077) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0004 CESA-2009:0004-CentOS 3 CESA-2009:0004-CentOS 5 CESA-2009:0004-CentOS 2 CVE-2008-5077 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 CentOS Linux 2 | Product(s): | openssl openssl095a openssl096 openssl096b openssl097a |
Definition Id: oval:org.mitre.oval:def:28987 | |||
Oval ID: | oval:org.mitre.oval:def:28987 | ||
Title: | RHSA-2009:0020 -- bind security update (Moderate) | ||
Description: | Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0020 CESA-2009:0020-CentOS 5 CESA-2009:0020-CentOS 2 CESA-2009:0020-CentOS 3 CVE-2009-0025 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 2 CentOS Linux 3 | Product(s): | bind |
Definition Id: oval:org.mitre.oval:def:5569 | |||
Oval ID: | oval:org.mitre.oval:def:5569 | ||
Title: | Avaya Solaris BIND "EVP_VerifyFinal()" Signature Spoofing Vulnerability | ||
Description: | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0025 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5812 | |||
Oval ID: | oval:org.mitre.oval:def:5812 | ||
Title: | Vim Insufficient Shell Escaping Multiple Command Execution Vulnerability | ||
Description: | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4101 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5987 | |||
Oval ID: | oval:org.mitre.oval:def:5987 | ||
Title: | Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3432 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6238 | |||
Oval ID: | oval:org.mitre.oval:def:6238 | ||
Title: | Vim Flaw in Quoting Vim Script Lets Remote Users Cause Arbitrary Commands to Be Executed in Certain Cases | ||
Description: | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2712 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6380 | |||
Oval ID: | oval:org.mitre.oval:def:6380 | ||
Title: | OpenSSL DSA and ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability | ||
Description: | OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5077 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6463 | |||
Oval ID: | oval:org.mitre.oval:def:6463 | ||
Title: | Vim HelpTags Command Remote Format String Vulnerability | ||
Description: | Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2953 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7596 | |||
Oval ID: | oval:org.mitre.oval:def:7596 | ||
Title: | DSA-1733 vim -- several vulnerabilities | ||
Description: | Several vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems: Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts. This could lead to the execution of arbitrary code. Jan Minar discovered that the tar plugin of vim did not properly sanitise the filenames in the tar archive or the name of the archive file itself, making it prone to arbitrary code execution. Jan Minar discovered that the zip plugin of vim did not properly sanitise the filenames in the zip archive or the name of the archive file itself, making it prone to arbitrary code execution. Jan Minar discovered that the netrw plugin of vim did not properly sanitise the filenames or directory names it is given. This could lead to the execution of arbitrary code. Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1733 CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4101 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vim |
Definition Id: oval:org.mitre.oval:def:7738 | |||
Oval ID: | oval:org.mitre.oval:def:7738 | ||
Title: | DSA-1701 openssl, openssl097 -- interpretation conflict | ||
Description: | It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1701 CVE-2008-5077 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | openssl openssl097 |
Definition Id: oval:org.mitre.oval:def:7929 | |||
Oval ID: | oval:org.mitre.oval:def:7929 | ||
Title: | DSA-1703 bind9 -- interpretation conflict | ||
Description: | It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function, which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1703 CVE-2009-0025 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | bind9 |
Definition Id: oval:org.mitre.oval:def:9155 | |||
Oval ID: | oval:org.mitre.oval:def:9155 | ||
Title: | OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | ||
Description: | OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5077 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for bind CESA-2009:0020-01 centos2 i386 File : nvt/gb_CESA-2009_0020-01_bind_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:0020 centos5 i386 File : nvt/gb_CESA-2009_0020_bind_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:0020 centos4 i386 File : nvt/gb_CESA-2009_0020_bind_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:0020 centos3 i386 File : nvt/gb_CESA-2009_0020_bind_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2009:0004-01 centos2 i386 File : nvt/gb_CESA-2009_0004-01_openssl_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl096b CESA-2009:0004 centos3 i386 File : nvt/gb_CESA-2009_0004_openssl096b_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl097a CESA-2009:0004 centos5 i386 File : nvt/gb_CESA-2009_0004_openssl097a_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2009:0004 centos4 i386 File : nvt/gb_CESA-2009_0004_openssl_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2009:0004 centos5 i386 File : nvt/gb_CESA-2009_0004_openssl_centos5_i386.nasl |
2010-10-10 | Name : FreeBSD Ports: vim6, vim6+ruby File : nvt/freebsd_vim6.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:271 (libnasl) File : nvt/mdksa_2009_271.nasl |
2009-10-13 | Name : SLES10: Security update for compat-openssl097g File : nvt/sles10_compat-openssl00.nasl |
2009-10-13 | Name : SLES10: Security update for openssl File : nvt/sles10_openssl.nasl |
2009-10-13 | Name : SLES10: Security update for vim File : nvt/sles10_gvim.nasl |
2009-10-13 | Name : Solaris Update for sshd 140119-11 File : nvt/gb_solaris_140119_11.nasl |
2009-10-13 | Name : SLES10: Security update for bind File : nvt/sles10_bind.nasl |
2009-10-10 | Name : SLES9: Security update for vim and gvim File : nvt/sles9p5017978.nasl |
2009-10-10 | Name : SLES9: Security update for bind File : nvt/sles9p5041320.nasl |
2009-10-10 | Name : SLES9: Security update for openssl File : nvt/sles9p5041421.nasl |
2009-10-10 | Name : SLES9: Security update for ViM File : nvt/sles9p5044520.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-09 File : nvt/gb_solaris_140119_09.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-07 File : nvt/gb_solaris_140119_07.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-5412 (openssl) File : nvt/fcore_2009_5412.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-5423 (openssl) File : nvt/fcore_2009_5423.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-06-03 | Name : Solaris Update for Kernel 139555-08 File : nvt/gb_solaris_139555_08.nasl |
2009-06-03 | Name : Solaris Update for sshd 140119-06 File : nvt/gb_solaris_140119_06.nasl |
2009-05-05 | Name : HP-UX Update for OpenSSL HPSBUX02418 File : nvt/gb_hp_ux_HPSBUX02418.nasl |
2009-04-09 | Name : Mandriva Update for vim MDVSA-2008:236 (vim) File : nvt/gb_mandriva_MDVSA_2008_236.nasl |
2009-04-09 | Name : Mandriva Update for vim MDVSA-2008:236-1 (vim) File : nvt/gb_mandriva_MDVSA_2008_236_1.nasl |
2009-04-09 | Name : Mandriva Update for vim MDKSA-2007:168 (vim) File : nvt/gb_mandriva_MDKSA_2007_168.nasl |
2009-04-06 | Name : Gentoo Security Advisory GLSA 200904-05 (ntp) File : nvt/glsa_200904_05.nasl |
2009-03-31 | Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl |
2009-03-23 | Name : Ubuntu Update for vim vulnerability USN-505-1 File : nvt/gb_ubuntu_USN_505_1.nasl |
2009-03-13 | Name : Gentoo Security Advisory GLSA 200903-14 (bind) File : nvt/glsa_200903_14.nasl |
2009-03-07 | Name : Debian Security Advisory DSA 1733-1 (vim) File : nvt/deb_1733_1.nasl |
2009-03-06 | Name : RedHat Update for vim RHSA-2008:0580-01 File : nvt/gb_RHSA-2008_0580-01_vim.nasl |
2009-03-06 | Name : RedHat Update for vim RHSA-2008:0617-01 File : nvt/gb_RHSA-2008_0617-01_vim.nasl |
2009-03-06 | Name : RedHat Update for vim RHSA-2008:0618-01 File : nvt/gb_RHSA-2008_0618-01_vim.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos4 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos4 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos3 x86_64 File : nvt/gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for vim-common CESA-2008:0617 centos3 i386 File : nvt/gb_CESA-2008_0617_vim-common_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for vim CESA-2008:0618-01 centos2 i386 File : nvt/gb_CESA-2008_0618-01_vim_centos2_i386.nasl |
2009-02-18 | Name : Mandrake Security Advisory MDVSA-2009:037 (bind) File : nvt/mdksa_2009_037.nasl |
2009-02-13 | Name : Gentoo Security Advisory GLSA 200902-02 (openssl) File : nvt/glsa_200902_02.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0020-01 (bind) File : nvt/ovcesa2009_0020_01.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0004-01 (openssl) File : nvt/ovcesa2009_0004_01.nasl |
2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-01-26 | Name : Fedora Core 9 FEDORA-2009-0547 (ntp) File : nvt/fcore_2009_0547.nasl |
2009-01-26 | Name : SuSE Security Advisory SUSE-SA:2009:005 (bind) File : nvt/suse_sa_2009_005.nasl |
2009-01-26 | Name : SuSE Security Advisory SUSE-SA:2009:006 (openssl) File : nvt/suse_sa_2009_006.nasl |
2009-01-26 | Name : Fedora Core 10 FEDORA-2009-0544 (ntp) File : nvt/fcore_2009_0544.nasl |
2009-01-22 | Name : OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL File : nvt/secpod_nasl_sec_bypass_vuln.nasl |
2009-01-20 | Name : Fedora Core 10 FEDORA-2009-0419 (tqsllib) File : nvt/fcore_2009_0419.nasl |
2009-01-20 | Name : Fedora Core 9 FEDORA-2009-0350 (bind) File : nvt/fcore_2009_0350.nasl |
2009-01-20 | Name : Fedora Core 10 FEDORA-2009-0451 (bind) File : nvt/fcore_2009_0451.nasl |
2009-01-20 | Name : Fedora Core 9 FEDORA-2009-0543 (tqsllib) File : nvt/fcore_2009_0543.nasl |
2009-01-20 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc) File : nvt/freebsdsa_bind6.nasl |
2009-01-15 | Name : OpenSSL DSA_verify() Security Bypass Vulnerability in BIND File : nvt/gb_bind_sec_bypass_vuln.nasl |
2009-01-13 | Name : Ubuntu USN-706-1 (bind9) File : nvt/ubuntu_706_1.nasl |
2009-01-13 | Name : Ubuntu USN-704-1 (openssl) File : nvt/ubuntu_704_1.nasl |
2009-01-13 | Name : RedHat Security Advisory RHSA-2009:0020 File : nvt/RHSA_2009_0020.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1701-1 (openssl, openssl097) File : nvt/deb_1701_1.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1703-1 (bind9) File : nvt/deb_1703_1.nasl |
2009-01-13 | Name : Fedora Core 9 FEDORA-2009-0325 (openssl) File : nvt/fcore_2009_0325.nasl |
2009-01-13 | Name : Mandrake Security Advisory MDVSA-2009:002 (bind) File : nvt/mdksa_2009_002.nasl |
2009-01-13 | Name : CentOS Security Advisory CESA-2009:0020 (bind) File : nvt/ovcesa2009_0020.nasl |
2009-01-13 | Name : CentOS Security Advisory CESA-2009:0004 (openssl) File : nvt/ovcesa2009_0004.nasl |
2009-01-13 | Name : Fedora Core 10 FEDORA-2009-0331 (openssl) File : nvt/fcore_2009_0331.nasl |
2009-01-13 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:02.openssl.asc) File : nvt/freebsdsa_openssl6.nasl |
2009-01-09 | Name : libcrypt-openssl-dsa-perl Security Bypass Vulnerability in OpenSSL File : nvt/gb_openssl_sec_bypass_vuln.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2009:0004 File : nvt/RHSA_2009_0004.nasl |
2008-12-02 | Name : Vim Shell Command Injection Vulnerability (Win) File : nvt/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl |
2008-12-02 | Name : Vim Shell Command Injection Vulnerability (Linux) File : nvt/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl |
2008-09-04 | Name : FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby File : nvt/freebsd_vim1.nasl |
2008-09-04 | Name : FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby File : nvt/freebsd_vim2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-1 (vim) File : nvt/deb_1364_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1364-2 (vim) File : nvt/deb_1364_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-014-01 openssl File : nvt/esoft_slk_ssa_2009_014_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-014-02 bind File : nvt/esoft_slk_ssa_2009_014_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-014-03 ntp File : nvt/esoft_slk_ssa_2009_014_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62878 | SSH Tectia Audit Player EVP_VerifyFinal Function DSA / ECDSA Key Validation W... |
51437 | Vim Character Escaping Weakness Arbitrary Command Execution |
51436 | Vim os_unix.c mch_expand_wildcards Function Filename Metacharacter Arbitrary ... |
51435 | Vim execute/system Function Arbitrary Command Execution |
51434 | Vim src/ex_cmds.c helptags_one Function helptags Format String |
51368 | OpenSSL DSA_verify Function SSL/TLS Signature Validation Weakness |
51164 | OpenSSL EVP_VerifyFinal Function DSA / ECDSA Key Validation Weakness OpenSSL contains a flaw that may allow a malicious user to perform a 'man in the middle' attack. The issue is triggered when several functions within OpenSSL incorrectly check the result of the EVP_VerifyFinal function. It is possible that the flaw may allow a malformed signature to be treated as a good signature instead of an error, resulting in a loss of integrity. |
48971 | Vim os_unix.c mch_expand_wildcards Function Filename Metacharacter Handling A... |
46306 | Vim Multiple Script execute Command Arbitrary Shell Command Injection |
38674 | Vim src/ex_cmds.c helptags_one Function help-tags Command Format String |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0004_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0011.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL11503.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9754.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11743.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11742.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV10049.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09978.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11744.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09491.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090108_bind_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090107_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081125_vim_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by a signature validation bypass vulnerability. File : openssl_0_9_8j.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-014-02.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f866d2afbbba11df8a8d0008743bf21a.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12360.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-5949.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gvim-6025.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-5957.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bind-5905.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12341.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12328.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11722.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-090127.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gvim-090225.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090121.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bind-090126.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090121.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gvim-090225.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-090204.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_3_0_1_73.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-12 | Name : The remote name server is affected by a signature validation weakness. File : bind_sig_return_checks.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-704-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-705-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-706-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-712-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-236.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-001.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0331.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0451.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0544.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-037.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-05.nasl - Type : ACT_GATHER_INFO |
2009-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_gvim-6023.nasl - Type : ACT_GATHER_INFO |
2009-03-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-14.nasl - Type : ACT_GATHER_INFO |
2009-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1733.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200902-02.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2009-01-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2009-01-28 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-5964.nasl - Type : ACT_GATHER_INFO |
2009-01-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0547.nasl - Type : ACT_GATHER_INFO |
2009-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-5951.nasl - Type : ACT_GATHER_INFO |
2009-01-22 | Name : The remote openSUSE host is missing a security update. File : suse_bind-5915.nasl - Type : ACT_GATHER_INFO |
2009-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0325.nasl - Type : ACT_GATHER_INFO |
2009-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0350.nasl - Type : ACT_GATHER_INFO |
2009-01-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-014-03.nasl - Type : ACT_GATHER_INFO |
2009-01-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-014-01.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1701.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1702.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1703.nasl - Type : ACT_GATHER_INFO |
2009-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0580.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0617.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0618.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_30866e6c3c6d11dd98c900163e000016.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gvim-4095.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-505-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gvim-4092.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1364.nasl - Type : ACT_GATHER_INFO |
2007-08-28 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-168.nasl - Type : ACT_GATHER_INFO |
2007-07-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1ed032223c6511dcb3d30016179b2dd5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-04 13:26:25 | |
2014-11-27 13:28:41 | |
2014-02-17 12:07:11 | |