Lucene search
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-163.NASLHistoryJul 06, 2004 - 12:00 a.m.
RHEL 2.1 : mozilla (RHSA-2003:163)
2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.088
Percentile
94.6%
Updated Mozilla packages that fix various bugs and security issues in previous versions of Mozilla are now available.
Mozilla is an open source Web browser.
A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security updates.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:163. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(12394);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2002-1308");
script_xref(name:"RHSA", value:"2003:163");
script_name(english:"RHEL 2.1 : mozilla (RHSA-2003:163)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated Mozilla packages that fix various bugs and security issues in
previous versions of Mozilla are now available.
Mozilla is an open source Web browser.
A heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.
These errata packages upgrade Mozilla to version 1.0.2, which is not
vulnerable to this issue. Mozilla 1.0.2 also contains a number of
other stability and security updates."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2002-1308"
);
# http://www.mozilla.org/releases/mozilla1.0.2/
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/releases/mozilla1.0.2/"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2003:163"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-psm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/11/29");
script_set_attribute(attribute:"patch_publication_date", value:"2003/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2003:163";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.11-0.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.0.2-4.2.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-psm-1.0.2-4.2.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc");
}
}
Related
redhat
redhat
(RHSA-2003:163) mozilla security update
2003-10-15 00:00:00
cve
cve
CVE-2002-1308
2004-09-01 04:00:00
cvelist
cvelist
CVE-2002-1308
2004-09-01 04:00:00
nvd
nvd
CVE-2002-1308
2002-11-29 05:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.088
Percentile
94.6%
Related for REDHAT-RHSA-2003-163.NASL