Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_LIBMOON-DEVEL-101208.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libmoon-devel (openSUSE-SU-2010:1062-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.347

Percentile

97.1%

JSON

Untrusted Moonlight apps could bypass constraints on methods which potentially allowed attackers to execute arbitrary code (CVE-2010-4254).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libmoon-devel-3672.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75587);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-4254");

  script_name(english:"openSUSE Security Update : libmoon-devel (openSUSE-SU-2010:1062-1)");
  script_summary(english:"Check for the libmoon-devel-3672 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Untrusted Moonlight apps could bypass constraints on methods which
potentially allowed attackers to execute arbitrary code
(CVE-2010-4254)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=655847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-12/msg00037.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libmoon-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmoon0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-desktop-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moonlight-web-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"libmoon-devel-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libmoon0-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-desktop-devel-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-plugin-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-tools-2.2-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"moonlight-web-devel-2.2-4.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmoon-devel / libmoon0 / moonlight-desktop / etc");
}

Related

cve 1
prion 1
packetstorm 1
nvd 1
ubuntucve 1
cvelist 1
exploitdb 1
nessus 4
fedora 2
openvas 6
gentoo 1
cve
cve
CVE-2010-4254
2010-12-06 13:44:54
prion
prion
Security feature bypass
2010-12-06 13:44:00
packetstorm
packetstorm
Mono/Moonlight Local Privilege Escalation
2011-01-11 00:00:00
nvd
nvd
CVE-2010-4254
2010-12-06 13:44:54
ubuntucve
ubuntucve
CVE-2010-4254
2010-12-06 00:00:00
cvelist
cvelist
CVE-2010-4254
2010-12-03 20:00:00
exploitdb
exploitdb
Mono/Moonlight Generic Type Argument - Privilege Escalation
2011-01-11 00:00:00
nessus
nessus
SuSE 11.1 Security Update : moonlight-plugin (SAT Patch Number 3606)
2011-01-21 00:00:00
SuSE 11.1 Security Update : moonlight (SAT Patch Number 3728)
2011-01-21 00:00:00
Fedora 14 : mono-2.6.7-4.fc14 / mono-addins-0.5-2.fc14 (2011-3393)
2011-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: mono-addins-0.5-2.fc14
2011-03-31 17:00:53
[SECURITY] Fedora 14 Update: mono-2.6.7-4.fc14
2011-03-31 17:00:53
openvas
openvas
Fedora Update for mono-addins FEDORA-2011-3393
2011-04-01 00:00:00
Fedora Update for mono FEDORA-2011-3393
2011-04-01 00:00:00
Fedora Update for mono-addins FEDORA-2011-3393
2011-04-01 00:00:00
gentoo
gentoo
Mono: Multiple vulnerabilities
2012-06-21 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.347

Percentile

97.1%

JSON
Related for SUSE_11_3_LIBMOON-DEVEL-101208.NASL
cve1prion1packetstorm1nvd1ubuntucve1cvelist1exploitdb1nessus4fedora2openvas6gentoo1