Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SLACKWARE_SSA_2007-264-01.NASL
HistorySep 24, 2007 - 12:00 a.m.

Slackware 12.0 : kdebase, kdelibs (SSA:2007-264-01)

2007-09-2400:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.03

Percentile

91.1%

JSON

New kdebase packages are available for Slackware 12.0 to fix security issues. A long URL padded with spaces could be used to display a false URL in Konqueror’s addressbar, and KDM when used with no-password login could be tricked into logging a different user in without a password. This is not the way KDM is configured in Slackware by default, somewhat mitigating the impact of this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2007-264-01. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(26113);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225", "CVE-2007-4569");
  script_xref(name:"SSA", value:"2007-264-01");

  script_name(english:"Slackware 12.0 : kdebase, kdelibs (SSA:2007-264-01)");
  script_summary(english:"Checks for updated packages in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New kdebase packages are available for Slackware 12.0 to fix security
issues. A long URL padded with spaces could be used to display a false
URL in Konqueror's addressbar, and KDM when used with no-password
login could be tricked into logging a different user in without a
password. This is not the way KDM is configured in Slackware by
default, somewhat mitigating the impact of this issue."
  );
  # http://www.kde.org/info/security/advisory-20070919-1.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20070919-1.txt"
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.455499
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4208d761"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kdebase and / or kdelibs packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(59, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kdebase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kdelibs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"12.0", pkgname:"kdebase", pkgver:"3.5.7", pkgarch:"i486", pkgnum:"3_slack12.0")) flag++;
if (slackware_check(osver:"12.0", pkgname:"kdelibs", pkgver:"3.5.7", pkgarch:"i486", pkgnum:"3_slack12.0")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Related

slackware 1
openvas 36
nessus 22
fedora 7
oraclelinux 2
ubuntu 2
freebsd 2
redhat 2
centos 2
ubuntucve 5
cve 4
prion 4
cvelist 4
nvd 4
veracode 3
osv 1
redhatcve 1
securityvulns 2
debian 1
gentoo 1
slackware
slackware
[slackware-security] kdebase, kdelibs
2007-09-22 00:42:42
openvas
openvas
Fedora Update for kdebase FEDORA-2007-716
2009-02-27 00:00:00
Fedora Update for kdebase FEDORA-2007-716
2009-02-27 00:00:00
Fedora Update for kdebase FEDORA-2007-2361
2009-02-27 00:00:00
nessus
nessus
Fedora 7 : kdebase-3.5.7-13.1.fc7 (2007-2361)
2007-11-06 00:00:00
Fedora Core 6 : kdebase-3.5.7-1.fc6 / kdelibs-3.5.7-1.fc6 (2007-716)
2007-10-09 00:00:00
Scientific Linux Security Update : kdebase on SL5.x, SL4.x i386/x86_64
2012-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: kdebase-3.5.7-1.fc6
2007-10-08 13:58:41
[SECURITY] Fedora 7 Update: kdebase-3.5.7-13.1.fc7
2007-10-04 18:43:48
[SECURITY] Fedora 7 Update: kdebase-3.5.7-13.fc7
2007-08-20 16:04:15
oraclelinux
oraclelinux
Moderate: kdebase security update
2007-10-08 00:00:00
Moderate: kdelibs security update
2007-10-08 00:00:00
ubuntu
ubuntu
KDE vulnerabilities
2007-08-26 00:00:00
kdm vulnerability
2007-09-25 00:00:00
freebsd
freebsd
konquerer -- address bar spoofing
2007-09-14 00:00:00
kdm -- passwordless login vulnerability
2007-09-19 00:00:00
redhat
redhat
(RHSA-2007:0905) Moderate: kdebase security update
2007-10-08 00:00:00
(RHSA-2007:0909) Moderate: kdelibs security update
2007-10-08 00:00:00
centos
centos
kdebase security update
2007-10-08 18:50:43
kdelibs security update
2007-10-08 18:49:50
ubuntucve
ubuntucve
CVE-2007-3143
2007-06-11 00:00:00
CVE-2007-4224
2007-08-08 00:00:00
CVE-2007-3820
2007-07-17 00:00:00
cve
cve
CVE-2007-4224
2007-08-08 21:17:00
CVE-2007-3820
2007-07-17 01:30:00
CVE-2007-4225
2007-08-08 21:17:00
prion
prion
Code injection
2007-08-08 21:17:00
Code injection
2007-07-17 01:30:00
Design/Logic Flaw
2007-08-08 21:17:00
cvelist
cvelist
CVE-2007-4224
2007-08-08 21:00:00
CVE-2007-3820
2007-07-17 01:00:00
CVE-2007-4225
2007-08-08 21:00:00
nvd
nvd
CVE-2007-3820
2007-07-17 01:30:00
CVE-2007-4224
2007-08-08 21:17:00
CVE-2007-4569
2007-09-21 19:17:00
veracode
veracode
Phishing Attacks
2020-04-10 00:18:45
Phishing Attacks
2020-04-10 00:18:45
Authentication Bypass
2020-04-10 00:20:42
osv
osv
kdebase - programming error
2007-09-21 00:00:00
redhatcve
redhatcve
CVE-2007-4225
2015-10-30 09:43:06
securityvulns
securityvulns
[USN-517-1] kdm vulnerability
2007-09-25 00:00:00
KDE kdm privilege escalation
2007-09-25 00:00:00
debian
debian
[SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass
2007-09-21 11:27:29
gentoo
gentoo
KDM: Local privilege escalation
2007-10-14 00:00:00

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.03

Percentile

91.1%

JSON
Related for SLACKWARE_SSA_2007-264-01.NASL
slackware1openvas36nessus22fedora7oraclelinux2ubuntu2freebsd2redhat2centos2ubuntucve5cve4prion4cvelist4nvd4veracode3osv1redhatcve1securityvulns2debian1gentoo1