Sign-up

ID

VAR-201103-0365


TITLE

Unknown security vulnerability exists in OpenSCAP

Trust: 0.6

sources: CNVD: CNVD-2011-1136

DESCRIPTION

OpenSCAP is an open source framework that integrates secure content automation protocols. There are unspecified security errors in OpenSCAP. No detailed vulnerability details are currently available. ---------------------------------------------------------------------- Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). http://secunia.com/company/events/mms_2011/ ---------------------------------------------------------------------- TITLE: OpenSCAP Unspecified Vulnerability SECUNIA ADVISORY ID: SA43740 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43740/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43740 RELEASE DATE: 2011-03-17 DISCUSS ADVISORY: http://secunia.com/advisories/43740/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43740/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43740 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with unknown impacts has been reported in OpenSCAP. The vulnerability is reported in versions prior to 0.7.1. SOLUTION: Update to version 0.7.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.redhat.com/archives/open-scap-list/2011-March/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.99

sources: CNVD: CNVD-2011-1136 // IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d // IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1 // PACKETSTORM: 99422

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d // IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1 // CNVD: CNVD-2011-1136

AFFECTED PRODUCTS

vendor:openscapmodel:openscapscope:eqversion:0.x

Trust: 0.6

vendor:openscapmodel: - scope:eqversion:*

Trust: 0.4

vendor:openscapmodel: - scope:eqversion:0.x

Trust: 0.4

sources: IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d // IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1 // CNVD: CNVD-2011-1136

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d // IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1

TYPE

other

Trust: 0.2

sources: IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d

PATCH

title:OpenSCAP has an unspecified security vulnerability patchurl:https://www.cnvd.org.cn/patchinfo/show/3324

Trust: 0.6

sources: CNVD: CNVD-2011-1136

EXTERNAL IDS

db:CNVDid:CNVD-2011-1136

Trust: 1.0

db:SECUNIAid:43740

Trust: 0.7

db:IVDid:6812DFE4-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:7D7B7E40-463F-11E9-8827-000C29342CB1

Trust: 0.2

db:PACKETSTORMid:99422

Trust: 0.1

sources: IVD: 6812dfe4-1f9b-11e6-abef-000c29c66e3d // IVD: 7d7b7e40-463f-11e9-8827-000c29342cb1 // CNVD: CNVD-2011-1136 // PACKETSTORM: 99422

REFERENCES

url:http://secunia.com/advisories/43740/

Trust: 0.7

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43740

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/43740/#comments

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/company/events/mms_2011/

Trust: 0.1

url:https://www.redhat.com/archives/open-scap-list/2011-march/msg00001.html

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-1136 // PACKETSTORM: 99422

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 99422

SOURCES

db:IVDid:6812dfe4-1f9b-11e6-abef-000c29c66e3d
db:IVDid:7d7b7e40-463f-11e9-8827-000c29342cb1
db:CNVDid:CNVD-2011-1136
db:PACKETSTORMid:99422

LAST UPDATE DATE

2022-05-17T02:04:46.310000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-1136date:2011-03-18T00:00:00

SOURCES RELEASE DATE

db:IVDid:6812dfe4-1f9b-11e6-abef-000c29c66e3ddate:2011-03-18T00:00:00
db:IVDid:7d7b7e40-463f-11e9-8827-000c29342cb1date:2011-03-18T00:00:00
db:CNVDid:CNVD-2011-1136date:2011-03-18T00:00:00
db:PACKETSTORMid:99422date:2011-03-18T07:47:24