Test ID:	1.3.6.1.4.1.25623.1.0.66211
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1931-1)
Summary:	The remote host is missing an update for the Debian 'nspr' package(s) announced via the DSA-1931-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'nspr' package(s) announced via the DSA-1931-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain nspr. For the stable distribution (lenny), these problems have been fixed in version 4.7.1-5. For the unstable distribution (sid) these problems have been fixed in version 4.8.2-1. We recommend that you upgrade your NSPR packages. Affected Software/OS: 'nspr' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0689 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html BugTraq ID: 35510 http://www.securityfocus.com/bid/35510 Bugtraq: 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) (Google Search) http://www.securityfocus.com/archive/1/507977/100/0/threaded Bugtraq: 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) (Google Search) http://www.securityfocus.com/archive/1/507979/100/0/threaded Bugtraq: 20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) (Google Search) http://www.securityfocus.com/archive/1/508423/100/0/threaded Bugtraq: 20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) (Google Search) http://www.securityfocus.com/archive/1/508417/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 http://secunia.com/secunia_research/2009-35/ https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541 http://www.redhat.com/support/errata/RHSA-2009-1601.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html RedHat Security Advisories: RHSA-2014:0311 http://rhn.redhat.com/errata/RHSA-2014-0311.html RedHat Security Advisories: RHSA-2014:0312 http://rhn.redhat.com/errata/RHSA-2014-0312.html http://securitytracker.com/id?1022478 http://secunia.com/advisories/37431 http://secunia.com/advisories/37682 http://secunia.com/advisories/37683 http://secunia.com/advisories/38066 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://securityreason.com/achievement_securityalert/63 http://securityreason.com/achievement_securityalert/69 http://securityreason.com/achievement_securityalert/72 http://securityreason.com/achievement_securityalert/73 http://securityreason.com/achievement_securityalert/71 http://securityreason.com/achievement_securityalert/76 http://securityreason.com/achievement_securityalert/75 http://securityreason.com/achievement_securityalert/77 http://securityreason.com/achievement_securityalert/78 http://securityreason.com/achievement_securityalert/81 http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-915-1 http://www.vupen.com/english/advisories/2009/3297 http://www.vupen.com/english/advisories/2009/3299 http://www.vupen.com/english/advisories/2009/3334 http://www.vupen.com/english/advisories/2010/0094 http://www.vupen.com/english/advisories/2010/0648 http://www.vupen.com/english/advisories/2010/0650 Common Vulnerability Exposure (CVE) ID: CVE-2009-2463 1020800 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1 265068 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1 35758 http://www.securityfocus.com/bid/35758 35914 http://secunia.com/advisories/35914 35943 http://secunia.com/advisories/35943 35944 http://secunia.com/advisories/35944 35947 http://secunia.com/advisories/35947 36005 http://secunia.com/advisories/36005 36145 http://secunia.com/advisories/36145 38977 39001 ADV-2009-1972 http://www.vupen.com/english/advisories/2009/1972 ADV-2009-2152 http://www.vupen.com/english/advisories/2009/2152 ADV-2010-0648 ADV-2010-0650 FEDORA-2009-7961 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html RHSA-2009:1162 http://rhn.redhat.com/errata/RHSA-2009-1162.html RHSA-2009:1163 http://rhn.redhat.com/errata/RHSA-2009-1163.html RHSA-2010:0153 RHSA-2010:0154 SUSE-SA:2009:039 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SUSE-SA:2009:042 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SUSE-SR:2010:013 USN-915-1 http://www.mozilla.org/security/announce/2009/mfsa2009-34.html http://www.mozilla.org/security/announce/2010/mfsa2010-07.html https://bugzilla.mozilla.org/show_bug.cgi?id=492779 oval:org.mitre.oval:def:10369 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10369
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.