Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_1_GWENVIEW-100906.NASLHistoryOct 06, 2010 - 12:00 a.m.
openSUSE Security Update : gwenview (openSUSE-SU-2010:0691-1)
2010-10-0600:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.06
Percentile
93.5%
This update fixes a heap-based overflow in okular. The RLE decompression in the TranscribePalmImageToJPEG() function can be exploited to execute arbitrary code with user privileges by providing a crafted PDF file. (CVE-2010-2575).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update gwenview-3080.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(49754);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-2575");
script_name(english:"openSUSE Security Update : gwenview (openSUSE-SU-2010:0691-1)");
script_summary(english:"Check for the gwenview-3080 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes a heap-based overflow in okular. The RLE
decompression in the TranscribePalmImageToJPEG() function can be
exploited to execute arbitrary code with user privileges by providing
a crafted PDF file. (CVE-2010-2575)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=634743"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00000.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected gwenview packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gwenview");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gwenview-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-gwenview");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kcolorchooser");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kgamma");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kio_kamera");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kolourpaint");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kruler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-ksnapshot");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-okular");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-okular-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdegraphics4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdcraw7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdcraw7-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkexiv2-7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkexiv2-7-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkipi-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkipi5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkipi5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksane0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
script_set_attribute(attribute:"patch_publication_date", value:"2010/09/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.1", reference:"gwenview-1.4.2-116.50.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"gwenview-lang-1.4.2-116.50.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-gwenview-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kcolorchooser-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kgamma-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kio_kamera-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kolourpaint-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kruler-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-ksnapshot-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-okular-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-okular-devel-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kdegraphics4-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkdcraw7-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkdcraw7-devel-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkexiv2-7-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkexiv2-7-devel-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkipi-devel-0.1.6-1.64.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkipi5-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libkipi5-devel-4.1.3-4.8.2") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"libksane0-4.1.3-4.8.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gwenview / gwenview-lang / kde4-gwenview / kde4-kcolorchooser / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | gwenview | p-cpe:/a:novell:opensuse:gwenview |
| novell | opensuse | gwenview-lang | p-cpe:/a:novell:opensuse:gwenview-lang |
| novell | opensuse | kde4-gwenview | p-cpe:/a:novell:opensuse:kde4-gwenview |
| novell | opensuse | kde4-kcolorchooser | p-cpe:/a:novell:opensuse:kde4-kcolorchooser |
| novell | opensuse | kde4-kgamma | p-cpe:/a:novell:opensuse:kde4-kgamma |
| novell | opensuse | kde4-kio_kamera | p-cpe:/a:novell:opensuse:kde4-kio_kamera |
| novell | opensuse | kde4-kolourpaint | p-cpe:/a:novell:opensuse:kde4-kolourpaint |
| novell | opensuse | kde4-kruler | p-cpe:/a:novell:opensuse:kde4-kruler |
| novell | opensuse | kde4-ksnapshot | p-cpe:/a:novell:opensuse:kde4-ksnapshot |
| novell | opensuse | kde4-okular | p-cpe:/a:novell:opensuse:kde4-okular |
Related
slackware
slackware
[slackware-security] kdegraphics
2010-08-28 16:52:45
securityvulns
securityvulns
KDE okular buffer overflow
2010-08-30 00:00:00
[USN-979-1] okular vulnerability
2010-08-30 00:00:00
Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow
2010-08-30 00:00:00
nessus
nessus
GLSA-201311-20 : Okular: Arbitrary code execution
2013-11-29 00:00:00
SuSE 11 Security Update : okular. (SAT Patch Number 3064)
2010-12-02 00:00:00
openSUSE Security Update : gwenview (openSUSE-SU-2010:0691-1)
2014-06-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201311-20
2015-09-29 00:00:00
Slackware Advisory SSA:2010-240-03 kdegraphics
2012-09-11 00:00:00
Fedora Update for kdegraphics FEDORA-2010-13661
2010-08-30 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: kdegraphics-4.4.5-3.fc13
2010-08-27 06:48:48
[SECURITY] Fedora 14 Update: kdegraphics-4.5.0-2.fc14
2010-08-26 03:23:45
[SECURITY] Fedora 12 Update: kdegraphics-4.4.5-3.fc12
2010-08-27 06:54:07
prion
prion
Heap overflow
2010-08-30 21:00:00
gentoo
gentoo
Okular: Arbitrary code execution
2013-11-28 00:00:00
ubuntu
ubuntu
okular vulnerability
2010-08-27 00:00:00
ubuntucve
ubuntucve
CVE-2010-2575
2010-08-30 00:00:00
nvd
nvd
CVE-2010-2575
2010-08-30 21:00:02
cve
cve
CVE-2010-2575
2010-08-30 21:00:02
cvelist
cvelist
CVE-2010-2575
2010-08-30 20:00:00
debiancve
debiancve
CVE-2010-2575
2010-08-30 21:00:02
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.06
Percentile
93.5%
Related for SUSE_11_1_GWENVIEW-100906.NASL