CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
93.7%
New stable release, API and ABI compatible with previous 1.2.x versions
Fixes crashes with newer libpng (>= 1.4)
The patches to fix the following CVEs are included with help from Huzaifa Sidhpurwala <huzaifas at redhat.com> from the Red Hat security team
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-1791 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-0121.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(51444);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4577");
script_bugtraq_id(44954, 44960);
script_xref(name:"FEDORA", value:"2011-0121");
script_name(english:"Fedora 13 : webkitgtk-1.2.6-1.fc13 (2011-0121)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - New stable release, API and ABI compatible with previous
1.2.x versions
- Fixes crashes with newer libpng (>= 1.4)
- The patches to fix the following CVEs are included
with help from Huzaifa Sidhpurwala <huzaifas at
redhat.com> from the Red Hat security team
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-1791
CVE-2010-3812 CVE-2010-3813 CVE-2010-4577
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=656115"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=656118"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=656126"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=656129"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=667022"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=667024"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=667025"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f6d3c2f0"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected webkitgtk package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkitgtk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
script_set_attribute(attribute:"patch_publication_date", value:"2011/01/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC13", reference:"webkitgtk-1.2.6-1.fc13")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | webkitgtk | p-cpe:/a:fedoraproject:fedora:webkitgtk |
fedoraproject | fedora | 13 | cpe:/o:fedoraproject:fedora:13 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577
www.nessus.org/u?f6d3c2f0
bugzilla.redhat.com/show_bug.cgi?id=656115
bugzilla.redhat.com/show_bug.cgi?id=656118
bugzilla.redhat.com/show_bug.cgi?id=656126
bugzilla.redhat.com/show_bug.cgi?id=656129
bugzilla.redhat.com/show_bug.cgi?id=667022
bugzilla.redhat.com/show_bug.cgi?id=667024
bugzilla.redhat.com/show_bug.cgi?id=667025
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
93.7%