Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_1_KDE4-KDNSSD-101119.NASL
HistoryMay 05, 2011 - 12:00 a.m.

openSUSE Security Update : kde4-kdnssd (openSUSE-SU-2010:1077-1)

2011-05-0500:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

EPSS

0.006

Percentile

78.9%

JSON

This update of kdenetwork fixes several bugs, the security related issues are :

  • CVE-2010-1000: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The ‘name’ attribute of the ‘file’ element of metalink files is not properly sanitised this can be exploited to download files to arbitrary directories.

  • CVE-2008-4776: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): CWE-119 The included libgadu version allowed remote servers to cause a denial of service (crash) via a buffer over-read.

Non-security issues :

  • bnc#653852: kopete: ICQ login broken; login server changed

  • bnc#516347: kopete cant connect to yahoo

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update kde4-kdnssd-3561.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(53664);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-4776", "CVE-2010-1000");

  script_name(english:"openSUSE Security Update : kde4-kdnssd (openSUSE-SU-2010:1077-1)");
  script_summary(english:"Check for the kde4-kdnssd-3561 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of kdenetwork fixes several bugs, the security related
issues are :

  - CVE-2010-1000: CVSS v2 Base Score: 4.3
    (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The 'name'
    attribute of the 'file' element of metalink files is not
    properly sanitised this can be exploited to download
    files to arbitrary directories.

  - CVE-2008-4776: CVSS v2 Base Score: 4.3
    (AV:N/AC:M/Au:N/C:N/I:N/A:P): CWE-119 The included
    libgadu version allowed remote servers to cause a denial
    of service (crash) via a buffer over-read.

Non-security issues :

  - bnc#653852: kopete: ICQ login broken; login server
    changed

  - bnc#516347: kopete cant connect to yahoo"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=516347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=525528"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=604709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=653852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-12/msg00043.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kde4-kdnssd packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kdnssd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kget");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-knewsticker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kopete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kopete-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kppp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-krdc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-krfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdenetwork4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdenetwork4-filesharing");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"kde4-kdnssd-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kget-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-knewsticker-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kopete-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kopete-devel-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-kppp-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-krdc-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kde4-krfb-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kdenetwork4-4.1.3-4.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kdenetwork4-filesharing-4.1.3-4.15.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdenetwork");
}

Related

nessus 18
ubuntucve 3
securityvulns 5
debiancve 1
prion 3
ubuntu 2
openvas 95
altlinux 1
debian 1
cvelist 3
cve 2
redhatcve 1
nvd 2
fedora 61
oraclelinux 1
nessus
nessus
SuSE 10 Security Update : kdenetwork (ZYPP Patch Number 7245)
2010-12-23 00:00:00
SuSE 11 / 11.1 Security Update : kdenetwork (SAT Patch Numbers 3563 / 3564)
2010-12-16 00:00:00
openSUSE Security Update : kdenetwork4 (openSUSE-SU-2010:1076-1)
2014-06-13 00:00:00
ubuntucve
ubuntucve
CVE-2008-4776
2008-10-28 00:00:00
CVE-2010-1000
2010-05-12 00:00:00
CVE-2011-1586
2011-04-18 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1664-1] New ekg packages fix denial of service
2008-11-11 00:00:00
DoS against libgadu / ekg Gadu-Gadu client
2008-11-11 00:00:00
[USN-938-1] KDENetwork vulnerability
2010-05-14 00:00:00
debiancve
debiancve
CVE-2008-4776
2008-10-28 19:46:09
prion
prion
Buffer overflow
2008-10-28 19:46:00
Directory traversal
2010-05-17 21:00:00
Directory traversal
2011-04-27 00:55:00
ubuntu
ubuntu
Gadu vulnerability
2008-12-17 00:00:00
KDENetwork vulnerabilities
2010-05-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1664-1)
2008-11-19 00:00:00
Mandriva Security Advisory MDVSA-2009:208-1 (libgadu)
2009-12-10 00:00:00
Debian Security Advisory DSA 1664-1 (ekg)
2008-11-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package centerim version 4.22.8-alt1
2009-08-11 00:00:00
debian
debian
[SECURITY] [DSA 1664-1] New ekg packages fix denial of service
2008-11-10 18:52:41
cvelist
cvelist
CVE-2008-4776
2008-10-28 19:00:00
CVE-2010-1000
2010-05-17 20:42:00
CVE-2011-1586
2011-04-27 00:00:00
cve
cve
CVE-2008-4776
2008-10-28 19:46:09
CVE-2010-1000
2010-05-17 21:00:01
redhatcve
redhatcve
CVE-2008-4776
2019-10-04 20:37:21
nvd
nvd
CVE-2008-4776
2008-10-28 19:46:09
CVE-2010-1000
2010-05-17 21:00:01
fedora
fedora
[SECURITY] Fedora 15 Update: kdenetwork-4.6.2-2.fc15
2011-04-26 16:24:32
[SECURITY] Fedora 13 Update: kdeartwork-4.4.3-1.fc13.1
2010-05-26 21:42:53
[SECURITY] Fedora 13 Update: kdenetwork-4.5.5-2.fc13
2011-04-20 19:23:08
oraclelinux
oraclelinux
kdenetwork security update
2011-04-21 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

EPSS

0.006

Percentile

78.9%

JSON
Related for SUSE_11_1_KDE4-KDNSSD-101119.NASL
nessus18ubuntucve3securityvulns5debiancve1prion3ubuntu2openvas95altlinux1debian1cvelist3cve2redhatcve1nvd2fedora61oraclelinux1