Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-155.NASL
HistorySep 29, 2004 - 12:00 a.m.

Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror

2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.7%

JSON

Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn’t check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse Konqueror users.

A local root exploit using artsd has been discovered which exploited an insecure use of a format string. The exploit wasn’t working on a Debian system since artsd wasn’t running setuid root. Neither artsd nor artswrapper need to be setuid root anymore since current computer systems are fast enough to handle the audio data in time.

These problems have been fixed in version 2.2.2-13.woody.2 for the current stable distribution (woody). The old stable distribution (potato) is not affected, since it doesn’t contain KDE packages. The unstable distribution (sid) is not yet fixed, but new packages are expected in the future, the fixed version will be version 2.2.2-14 or higher.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-155. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14992);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2002-0970");
  script_bugtraq_id(5410);
  script_xref(name:"DSA", value:"155");

  script_name(english:"Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Due to a security engineering oversight, the SSL library from KDE,
which Konqueror uses, doesn't check whether an intermediate
certificate for a connection is signed by the certificate authority as
safe for the purpose, but accepts it when it is signed. This makes it
possible for anyone with a valid VeriSign SSL site certificate to
forge any other VeriSign SSL site certificate, and abuse Konqueror
users.

A local root exploit using artsd has been discovered which exploited
an insecure use of a format string. The exploit wasn't working on a
Debian system since artsd wasn't running setuid root. Neither artsd
nor artswrapper need to be setuid root anymore since current computer
systems are fast enough to handle the audio data in time.

These problems have been fixed in version 2.2.2-13.woody.2 for the
current stable distribution (woody). The old stable distribution
(potato) is not affected, since it doesn't contain KDE packages. The
unstable distribution (sid) is not yet fixed, but new packages are
expected in the future, the fixed version will be version 2.2.2-14 or
higher."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-155"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kdelibs and libarts packages and restart Konqueror."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdelibs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kdelibs-dev", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"kdelibs3", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"kdelibs3-bin", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"kdelibs3-cups", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"kdelibs3-doc", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libarts", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libarts-alsa", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libarts-dev", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libkmid", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libkmid-alsa", reference:"2.2.2-13.woody.2")) flag++;
if (deb_check(release:"3.0", prefix:"libkmid-dev", reference:"2.2.2-13.woody.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Related

openvas 2
nvd 2
cve 2
cvelist 2
osv 1
nessus 4
debiancve 1
ubuntucve 1
prion 1
redhatcve 1
redhat 1
openvas
openvas
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
nvd
nvd
CVE-2002-0970
2002-09-24 04:00:00
CVE-2009-0653
2009-02-20 19:30:00
cve
cve
CVE-2002-0970
2004-09-01 04:00:00
CVE-2009-0653
2009-02-20 19:30:00
cvelist
cvelist
CVE-2002-0970
2004-09-01 04:00:00
CVE-2009-0653
2009-02-20 19:00:00
osv
osv
kdelibs - privacy escalation with Konqueror
2002-08-17 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:058)
2004-07-31 00:00:00
OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability
2012-01-04 00:00:00
RHEL 2.1 : kdelibs (RHSA-2003:003)
2004-07-06 00:00:00
debiancve
debiancve
CVE-2009-0653
2009-02-20 19:30:00
ubuntucve
ubuntucve
CVE-2009-0653
2009-02-20 00:00:00
prion
prion
Sql injection
2009-02-20 19:30:00
redhatcve
redhatcve
CVE-2009-0653
2015-10-30 10:27:20
redhat
redhat
(RHSA-2003:003) kdelibs security update
2003-02-17 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.7%

JSON
Related for DEBIAN_DSA-155.NASL
openvas2nvd2cve2cvelist2osv1nessus4debiancve1ubuntucve1prion1redhatcve1redhat1