Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-721.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : chromium (openSUSE-SU-2012:1376-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.018
Percentile
88.2%
Chromium was upgraded to version 24.0.1290 which fixed multiple security flaws.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-721.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74788);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-2874", "CVE-2012-2876", "CVE-2012-2877", "CVE-2012-2878", "CVE-2012-2879", "CVE-2012-2880", "CVE-2012-2881", "CVE-2012-2882", "CVE-2012-2883", "CVE-2012-2884", "CVE-2012-2885", "CVE-2012-2886", "CVE-2012-2887", "CVE-2012-2888", "CVE-2012-2889", "CVE-2012-2891", "CVE-2012-2892", "CVE-2012-2893", "CVE-2012-2894", "CVE-2012-2896");
script_bugtraq_id(55676);
script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2012:1376-1)");
script_summary(english:"Check for the openSUSE-2012-721 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Chromium was upgraded to version 24.0.1290 which fixed multiple
security flaws."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=782257"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2012-10/msg00066.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected chromium packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
script_set_attribute(attribute:"patch_publication_date", value:"2012/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"chromedriver-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromedriver-debuginfo-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-debuginfo-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-debugsource-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-gnome-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-kde-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-debuginfo-24.0.1290.0-1.39.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromedriver-debuginfo-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-debuginfo-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-debugsource-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-gnome-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-desktop-kde-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-24.0.1290.0-1.19.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"chromium-suid-helper-debuginfo-24.0.1290.0-1.19.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | chromedriver | p-cpe:/a:novell:opensuse:chromedriver |
| novell | opensuse | chromedriver-debuginfo | p-cpe:/a:novell:opensuse:chromedriver-debuginfo |
| novell | opensuse | chromium | p-cpe:/a:novell:opensuse:chromium |
| novell | opensuse | chromium-debuginfo | p-cpe:/a:novell:opensuse:chromium-debuginfo |
| novell | opensuse | chromium-debugsource | p-cpe:/a:novell:opensuse:chromium-debugsource |
| novell | opensuse | chromium-desktop-gnome | p-cpe:/a:novell:opensuse:chromium-desktop-gnome |
| novell | opensuse | chromium-desktop-kde | p-cpe:/a:novell:opensuse:chromium-desktop-kde |
| novell | opensuse | chromium-suid-helper | p-cpe:/a:novell:opensuse:chromium-suid-helper |
| novell | opensuse | chromium-suid-helper-debuginfo | p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo |
| novell | opensuse | 12.1 | cpe:/o:novell:opensuse:12.1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2878
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2880
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2892
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2896
bugzilla.novell.com/show_bug.cgi?id=782257
lists.opensuse.org/opensuse-updates/2012-10/msg00066.html
Related
suse
suse
update for chromium (important)
2012-10-22 12:08:44
openvas
openvas
openSUSE: Security Advisory for update (openSUSE-SU-2012:1376-1)
2012-12-13 00:00:00
SuSE Update for update openSUSE-SU-2012:1376-1 (update)
2012-12-13 00:00:00
FreeBSD Ports: chromium
2012-10-03 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-09-25 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (5bae2ab4-0820-11e2-be5f-00262d5ed8ee)
2012-09-27 00:00:00
Google Chrome < 22.0.1229.79 Multiple Vulnerabilities
2012-09-26 00:00:00
Google Chrome < 22.0.1229.79 Multiple Vulnerabilities
2012-09-26 00:00:00
chrome
chrome
Stable Channel Update
2012-09-25 00:00:00
threatpost
threatpost
Google Releases Chrome 22 and Pays Out Nearly $30K in Rewards
2012-09-26 14:16:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2012-10-21 00:00:00
libxslt: Denial of service
2014-01-10 00:00:00
ubuntucve
ubuntucve
prion
prion
Out-of-bounds
2012-09-26 10:56:00
Out-of-bounds
2012-09-26 10:56:00
Memory corruption
2012-09-26 10:56:00
debiancve
debiancve
nvd
nvd
cve
cve
cvelist
cvelist
osv
osv
libxslt - several
2012-10-05 00:00:00
debian
debian
[SECURITY] [DSA 2555-1] libxslt security update
2012-10-05 16:44:54
centos
centos
libxslt security update
2012-09-13 18:02:29
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:14
redhat
redhat
(RHSA-2012:1265) Important: libxslt security update
2012-09-13 00:00:00
(RHSA-2012:1325) Important: rhev-hypervisor6 security and bug fix update
2012-10-02 00:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2012-10-04 00:00:00
securityvulns
securityvulns
[USN-1595-1] libxslt vulnerabilities
2012-10-05 00:00:00
libxslt multiple security vulnerabilities
2012-10-05 00:00:00
APPLE-SA-2013-03-14-2 Safari 6.0.3
2013-03-24 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.018
Percentile
88.2%
Related for OPENSUSE-2012-721.NASL