ID DEBIAN:DSA-3004-1:D05F2 Type debian Reporter Debian Modified 2014-08-10T22:34:59
Description
Debian Security Advisory DSA-3004-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2014 http://www.debian.org/security/faq
Package : kde4libs
CVE ID : CVE-2014-5033
Sebastian Krahmer discovered that Kauth used Policykit insecurely by
relying on the process ID. This could result in privilege escalation.
For the stable distribution (wheezy), this problem has been fixed in
version 4:4.8.4-4+deb7u1.
For the testing distribution (jessie), this problem has been fixed in
version 4:4.13.3-2.
For the unstable distribution (sid), this problem has been fixed in
version 4:4.13.3-2.
We recommend that you upgrade your kde4libs packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
{"id": "DEBIAN:DSA-3004-1:D05F2", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3004-1] kde4libs security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3004-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : kde4libs\nCVE ID : CVE-2014-5033\n\nSebastian Krahmer discovered that Kauth used Policykit insecurely by \nrelying on the process ID. This could result in privilege escalation.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4:4.8.4-4+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 4:4.13.3-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4:4.13.3-2.\n\nWe recommend that you upgrade your kde4libs packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-08-10T22:34:59", "modified": "2014-08-10T22:34:59", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00186.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2014-5033"], "type": "debian", "lastseen": "2020-08-12T00:59:53", "edition": 7, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-5033"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868280", "OPENVAS:1361412562310868274", "OPENVAS:1361412562310868268", "OPENVAS:1361412562310868313", "OPENVAS:1361412562310868234", "OPENVAS:1361412562310868223", "OPENVAS:1361412562310868246", "OPENVAS:1361412562310868345", "OPENVAS:1361412562310868300", "OPENVAS:1361412562310868189"]}, {"type": "fedora", "idList": ["FEDORA:27BBD222C7", "FEDORA:6C44A22AA9", "FEDORA:4E2F4225C7", "FEDORA:56CB722919", "FEDORA:0C1B3227AC", "FEDORA:9CE8C220D2", "FEDORA:E08FC222C7", "FEDORA:AA944220D2", "FEDORA:2AA2E225C7", "FEDORA:CB86B22D4D"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL", "FEDORA_2014-11348.NASL", "FEDORA_2014-11448.NASL", "FEDORA_2014-9602.NASL"]}, {"type": "freebsd", "idList": ["2F90556F-18C6-11E4-9CC4-5453ED2E2B49"]}, {"type": "centos", "idList": ["CESA-2014:1359"]}], "modified": "2020-08-12T00:59:53", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-08-12T00:59:53", "rev": 2}, "vulnersScore": 5.2}, "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "kde4libs_4:4.8.4-4+deb7u1_all.deb", "packageName": "kde4libs", "packageVersion": "4:4.8.4-4+deb7u1"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:25", "description": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"", "edition": 5, "cvss3": {}, "published": "2014-08-19T18:55:00", "title": "CVE-2014-5033", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5033"], "modified": "2014-10-16T07:22:00", "cpe": ["cpe:/a:kde:kdelibs:4.12.2", "cpe:/a:kde:kdelibs:4.11.80", "cpe:/a:kde:kdelibs:4.13.1", "cpe:/a:kde:kdelibs:4.10.0", "cpe:/a:debian:kde4libs:-", "cpe:/a:kde:kdelibs:4.13.3", "cpe:/a:kde:kdelibs:4.12.80", "cpe:/a:kde:kdelibs:4.10.97", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:kde:kdelibs:4.11.5", "cpe:/a:kde:kdelibs:4.12.1", "cpe:/a:kde:kdelibs:4.10.2", "cpe:/a:kde:kdelibs:4.11.97", "cpe:/a:kde:kdelibs:4.13.2", "cpe:/a:kde:kdelibs:4.10.1", "cpe:/a:kde:kdelibs:4.12.5", "cpe:/a:kde:kauth:5.0", "cpe:/a:kde:kdelibs:4.12.97", "cpe:/a:kde:kdelibs:4.11.3", "cpe:/a:kde:kdelibs:4.10.3", "cpe:/a:kde:kdelibs:4.13.80", "cpe:/a:kde:kdelibs:4.11.90", "cpe:/a:kde:kdelibs:4.12.4", "cpe:/a:kde:kdelibs:4.12.0", "cpe:/a:kde:kdelibs:4.13.0", "cpe:/a:kde:kdelibs:4.13.95", "cpe:/a:kde:kdelibs:4.13.97", "cpe:/a:kde:kdelibs:4.12.90", "cpe:/a:kde:kdelibs:4.11.4", "cpe:/a:kde:kdelibs:4.11.2", "cpe:/a:kde:kdelibs:4.11.95", "cpe:/a:kde:kdelibs:4.13.90", "cpe:/a:kde:kdelibs:4.11.0", "cpe:/a:kde:kdelibs:4.10.95", "cpe:/a:kde:kdelibs:4.12.95", "cpe:/a:kde:kdelibs:4.12.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:kde:kdelibs:4.11.1"], "id": "CVE-2014-5033", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5033", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kauth:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868263", "type": "openvas", "title": "Fedora Update for kgamma FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kgamma FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868263\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:23 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kgamma FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kgamma on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138771.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kgamma'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kgamma\", rpm:\"kgamma~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868248", "type": "openvas", "title": "Fedora Update for ksystemlog FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ksystemlog FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868248\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:41 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for ksystemlog FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"ksystemlog on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138798.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ksystemlog'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ksystemlog\", rpm:\"ksystemlog~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868255", "type": "openvas", "title": "Fedora Update for gwenview FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gwenview FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868255\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:33 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for gwenview FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"gwenview on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138725.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gwenview'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"gwenview\", rpm:\"gwenview~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868284", "type": "openvas", "title": "Fedora Update for kgpg FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kgpg FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868284\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:36 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kgpg FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kgpg on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138773.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kgpg'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kgpg\", rpm:\"kgpg~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868227", "type": "openvas", "title": "Fedora Update for kdeedu FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdeedu FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868227\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:59 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kdeedu FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kdeedu on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138748.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdeedu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdeedu\", rpm:\"kdeedu~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868300", "type": "openvas", "title": "Fedora Update for kcalc FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kcalc FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868300\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:03 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kcalc FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kcalc on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138741.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kcalc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kcalc\", rpm:\"kcalc~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868228", "type": "openvas", "title": "Fedora Update for qyoto FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qyoto FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868228\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:00 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for qyoto FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"qyoto on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138820.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qyoto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qyoto\", rpm:\"qyoto~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868289", "type": "openvas", "title": "Fedora Update for kalzium FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kalzium FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868289\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:45 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kalzium FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kalzium on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138735.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kalzium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kalzium\", rpm:\"kalzium~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-20T00:00:00", "id": "OPENVAS:1361412562310868189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868189", "type": "openvas", "title": "Fedora Update for polkit-qt FEDORA-2014-9602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for polkit-qt FEDORA-2014-9602\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868189\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-20 05:59:43 +0200 (Sat, 20 Sep 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for polkit-qt FEDORA-2014-9602\");\n script_tag(name:\"affected\", value:\"polkit-qt on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9602\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137764.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'polkit-qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"polkit-qt\", rpm:\"polkit-qt~0.112.0~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868269", "type": "openvas", "title": "Fedora Update for kde-l10n FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kde-l10n FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868269\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:24 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kde-l10n FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kde-l10n on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138742.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kde-l10n'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kde-l10n\", rpm:\"kde-l10n~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Memory Enhancement Game. ", "modified": "2014-09-27T09:47:43", "published": "2014-09-27T09:47:43", "id": "FEDORA:2D6A522A1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: blinken-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "kdeedu metapackage, to ease migration to split applications ", "modified": "2014-09-27T09:47:45", "published": "2014-09-27T09:47:45", "id": "FEDORA:0A84B2276E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kdeedu-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "KDE Network Monitor for DNS-SD services (Zeroconf). ", "modified": "2014-09-27T09:47:47", "published": "2014-09-27T09:47:47", "id": "FEDORA:27BBD222C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kdnssd-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "CDDB retrieval library. ", "modified": "2014-09-27T09:47:50", "published": "2014-09-27T09:47:50", "id": "FEDORA:0C1B3227AC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libkcddb-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "This package includes bindings for KDE libraries. ", "modified": "2014-09-27T09:47:52", "published": "2014-09-27T09:47:52", "id": "FEDORA:0E4F022A45", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: smokekde-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "An easy-to-use paint program. ", "modified": "2014-09-27T09:47:48", "published": "2014-09-27T09:47:48", "id": "FEDORA:720F6220D2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kolourpaint-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "KDE volume control. ", "modified": "2014-09-27T09:47:48", "published": "2014-09-27T09:47:48", "id": "FEDORA:2EDCC2276E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kmix-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Kipi (KDE Image Plugin Interface) is an effort to develop a common plugin structure (for Digikam, Gwenview, etc.). Its aim is to share image plugins among graphic applications. ", "modified": "2014-09-27T09:47:50", "published": "2014-09-27T09:47:50", "id": "FEDORA:69004220D2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libkipi-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Kdegraphics metapackage, to ease migration to split applications ", "modified": "2014-09-27T09:47:45", "published": "2014-09-27T09:47:45", "id": "FEDORA:216EB22787", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kdegraphics-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Nepomuk Widgets. ", "modified": "2014-09-27T09:47:51", "published": "2014-09-27T09:47:51", "id": "FEDORA:B788922A25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: nepomuk-widgets-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:12:04", "description": "The update has a fix for CVE-2014-5033, KAuth was calling PolicyKit 1\n(polkit) in an insecure way.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-10-11T00:00:00", "title": "Fedora 19 : kdelibs-4.11.5-5.fc19 (2014-11348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-10-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:kdelibs"], "id": "FEDORA_2014-11348.NASL", "href": "https://www.tenable.com/plugins/nessus/78241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11348.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78241);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"FEDORA\", value:\"2014-11348\");\n\n script_name(english:\"Fedora 19 : kdelibs-4.11.5-5.fc19 (2014-11348)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update has a fix for CVE-2014-5033, KAuth was calling PolicyKit 1\n(polkit) in an insecure way.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1094890\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140293.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c79ee02d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kdelibs-4.11.5-5.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:15:01", "description": "Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 25, "published": "2014-10-07T00:00:00", "title": "RHEL 7 : polkit-qt (RHSA-2014:1359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-devel", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:polkit-qt", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-doc"], "id": "REDHAT-RHSA-2014-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/78073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1359. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78073);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_xref(name:\"RHSA\", value:\"2014:1359\");\n\n script_name(english:\"RHEL 7 : polkit-qt (RHSA-2014:1359)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5033\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1359\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-debuginfo-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-devel-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-doc-0.103.0-10.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt / polkit-qt-debuginfo / polkit-qt-devel / polkit-qt-doc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:08", "description": "updated to the new release of polkit-qt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-09-22T00:00:00", "title": "Fedora 20 : polkit-qt-0.112.0-1.fc20 (2014-9641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-09-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:polkit-qt", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9641.NASL", "href": "https://www.tenable.com/plugins/nessus/77772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9641.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77772);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"FEDORA\", value:\"2014-9641\");\n\n script_name(english:\"Fedora 20 : polkit-qt-0.112.0-1.fc20 (2014-9641)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"updated to the new release of polkit-qt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1094890\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27852492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected polkit-qt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"polkit-qt-0.112.0-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:29:46", "description": "Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 23, "published": "2014-10-07T00:00:00", "title": "CentOS 7 : polkit-qt (CESA-2014:1359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-10-07T00:00:00", "cpe": ["p-cpe:/a:centos:centos:polkit-qt-devel", "p-cpe:/a:centos:centos:polkit-qt", "p-cpe:/a:centos:centos:polkit-qt-doc", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/78070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1359 and \n# CentOS Errata and Security Advisory 2014:1359 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78070);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_xref(name:\"RHSA\", value:\"2014:1359\");\n\n script_name(english:\"CentOS 7 : polkit-qt (CESA-2014:1359)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-October/020671.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d100244d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected polkit-qt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-5033\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:polkit-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:polkit-qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"polkit-qt-0.103.0-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"polkit-qt-devel-0.103.0-10.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"polkit-qt-doc-0.103.0-10.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt / polkit-qt-devel / polkit-qt-doc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:27:39", "description": "It was discovered that kauth was using polkit in an unsafe manner. A\nlocal attacker could possibly use this issue to bypass intended polkit\nauthorizations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2014-08-01T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS : kde4libs vulnerability (USN-2304-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-08-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:kdelibs5-plugins", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2304-1.NASL", "href": "https://www.tenable.com/plugins/nessus/76962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2304-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76962);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"USN\", value:\"2304-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : kde4libs vulnerability (USN-2304-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that kauth was using polkit in an unsafe manner. A\nlocal attacker could possibly use this issue to bypass intended polkit\nauthorizations.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2304-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs5-plugins package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs5-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"kdelibs5-plugins\", pkgver:\"4:4.8.5-0ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"kdelibs5-plugins\", pkgver:\"4:4.13.2a-0ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs5-plugins\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:48:43", "description": "Sebastian Krahmer discovered that Kauth used Policykit insecurely by\nrelying on the process ID. This could result in privilege escalation.", "edition": 15, "published": "2014-08-12T00:00:00", "title": "Debian DSA-3004-1 : kde4libs - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-08-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:kde4libs"], "id": "DEBIAN_DSA-3004.NASL", "href": "https://www.tenable.com/plugins/nessus/77123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3004. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77123);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"DSA\", value:\"3004\");\n\n script_name(english:\"Debian DSA-3004-1 : kde4libs - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer discovered that Kauth used Policykit insecurely by\nrelying on the process ID. This could result in privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/kde4libs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3004\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kde4libs packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 4:4.8.4-4+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kde4libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs-bin\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-data\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-dbg\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-dev\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-plugins\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdoctools\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkcmutils4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkde3support4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdeclarative5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdecore5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdesu5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdeui5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdewebkit5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdnssd4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkemoticons4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkfile4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkhtml5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkidletime4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkimproxy4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkio5\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkjsapi4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkjsembed4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkmediaplayer4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknewstuff2-4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknewstuff3-4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknotifyconfig4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkntlm4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkparts4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkprintutils4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkpty4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrosscore4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrossui4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libktexteditor4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkunitconversion4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkutils4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomuk4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomukquery4a\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomukutils4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libplasma3\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsolid4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libthreadweaver4\", reference:\"4:4.8.4-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:44:11", "description": "It was discovered that KAuth, part of kdelibs, uses polkit in a way\nthat is prone to a race condition that may allow authorization bypass.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-76-1 : kde4libs security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libkde3support4", "p-cpe:/a:debian:debian_linux:libkio5", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libkrosscore4", "p-cpe:/a:debian:debian_linux:kdelibs5-plugins", "p-cpe:/a:debian:debian_linux:libknewstuff2-4", "p-cpe:/a:debian:debian_linux:libkjsembed4", "p-cpe:/a:debian:debian_linux:libnepomuk4", "p-cpe:/a:debian:debian_linux:libkdecore5", "p-cpe:/a:debian:debian_linux:libkhtml5", "p-cpe:/a:debian:debian_linux:libkutils4", "p-cpe:/a:debian:debian_linux:kdelibs5-dbg", "p-cpe:/a:debian:debian_linux:libkdewebkit5", "p-cpe:/a:debian:debian_linux:kdelibs-bin", "p-cpe:/a:debian:debian_linux:libknewstuff3-4", "p-cpe:/a:debian:debian_linux:kdelibs5-data", "p-cpe:/a:debian:debian_linux:libkunitconversion4", "p-cpe:/a:debian:debian_linux:libkntlm4", "p-cpe:/a:debian:debian_linux:libknotifyconfig4", "p-cpe:/a:debian:debian_linux:libnepomukquery4a", "p-cpe:/a:debian:debian_linux:libthreadweaver4", "p-cpe:/a:debian:debian_linux:libktexteditor4", "p-cpe:/a:debian:debian_linux:libkimproxy4", "p-cpe:/a:debian:debian_linux:libkrossui4", "p-cpe:/a:debian:debian_linux:kdelibs5-dev", "p-cpe:/a:debian:debian_linux:libkjsapi4", "p-cpe:/a:debian:debian_linux:libkfile4", "p-cpe:/a:debian:debian_linux:libkdnssd4", "p-cpe:/a:debian:debian_linux:libkpty4", "p-cpe:/a:debian:debian_linux:libsolid4", "p-cpe:/a:debian:debian_linux:libkdeui5", "p-cpe:/a:debian:debian_linux:libkdesu5", "p-cpe:/a:debian:debian_linux:libkmediaplayer4", "p-cpe:/a:debian:debian_linux:libkparts4", "p-cpe:/a:debian:debian_linux:libplasma3", "p-cpe:/a:debian:debian_linux:kdoctools", "p-cpe:/a:debian:debian_linux:kdelibs5"], "id": "DEBIAN_DLA-76.NASL", "href": "https://www.tenable.com/plugins/nessus/82221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-76-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82221);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n\n script_name(english:\"Debian DLA-76-1 : kde4libs security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that KAuth, part of kdelibs, uses polkit in a way\nthat is prone to a race condition that may allow authorization bypass.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/10/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/kde4libs\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdoctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkde3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkhtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknewstuff2-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknewstuff3-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrosscore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrossui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnepomukquery4a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libplasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsolid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libthreadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs-bin\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs5-data\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs5-dbg\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs5-dev\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdelibs5-plugins\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"kdoctools\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkde3support4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkdecore5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkdesu5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkdeui5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkdewebkit5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkdnssd4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkfile4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkhtml5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkimproxy4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkio5\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkjsapi4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkjsembed4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkmediaplayer4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libknewstuff2-4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libknewstuff3-4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libknotifyconfig4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkntlm4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkparts4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkpty4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkrosscore4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkrossui4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libktexteditor4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkunitconversion4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libkutils4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnepomuk4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnepomukquery4a\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libplasma3\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsolid4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libthreadweaver4\", reference:\"4:4.4.5-2+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:27:49", "description": "KDE4 Libraries and Workspace received a security fix to fix a race\ncondition in DBUS/Polkit authorization, where local attackers could\npotentially call root KDE services without proper authenticiation.\n(CVE-2014-5033)\n\nAdditionaly a interlaced GIF display bug in KHTML was fixed.\n(kde#330148)\n\nThis update also includes a kdebase4-workspace minor version update to\n4.11.11 with various bugfixes.", "edition": 18, "published": "2014-08-12T00:00:00", "title": "openSUSE Security Update : kdelibs4 (openSUSE-SU-2014:0981-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kdebase4-workspace", "p-cpe:/a:novell:opensuse:kdebase4-workspace-debugsource", "p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd", "p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo", "p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-branding-upstream", "p-cpe:/a:novell:opensuse:libksuseinstall1-32bit", "p-cpe:/a:novell:opensuse:libkde4-devel", "p-cpe:/a:novell:opensuse:libkdecore4-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-32bit", "p-cpe:/a:novell:opensuse:krandr", "p-cpe:/a:novell:opensuse:kdm-debuginfo", "p-cpe:/a:novell:opensuse:krandr-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd-debuginfo", "p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libkdecore4-devel", "p-cpe:/a:novell:opensuse:libkde4-32bit", "p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar", "p-cpe:/a:novell:opensuse:libksuseinstall1", "p-cpe:/a:novell:opensuse:libkdecore4-32bit", "p-cpe:/a:novell:opensuse:kdebase4-workspace-devel", "p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle", "p-cpe:/a:novell:opensuse:kwin-debuginfo", "p-cpe:/a:novell:opensuse:libkde4-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-debuginfo", "p-cpe:/a:novell:opensuse:kdelibs4-core", "p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar-debuginfo", "p-cpe:/a:novell:opensuse:kwin", "p-cpe:/a:novell:opensuse:kdebase4-workspace-devel-debuginfo", "p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-kdebase4", "p-cpe:/a:novell:opensuse:kdm-branding-upstream", "p-cpe:/a:novell:opensuse:kdelibs4-apidocs", "p-cpe:/a:novell:opensuse:kdelibs4-debuginfo", "p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream", "p-cpe:/a:novell:opensuse:libksuseinstall-devel", "p-cpe:/a:novell:opensuse:kdelibs4-debugsource", "p-cpe:/a:novell:opensuse:kdm", "p-cpe:/a:novell:opensuse:libkde4", "p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins", "p-cpe:/a:novell:opensuse:libkdecore4", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:kdelibs4"], "id": "OPENSUSE-2014-485.NASL", "href": "https://www.tenable.com/plugins/nessus/77129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-485.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77129);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-5033\");\n\n script_name(english:\"openSUSE Security Update : kdelibs4 (openSUSE-SU-2014:0981-1)\");\n script_summary(english:\"Check for the openSUSE-2014-485 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KDE4 Libraries and Workspace received a security fix to fix a race\ncondition in DBUS/Polkit authorization, where local attackers could\npotentially call root KDE services without proper authenticiation.\n(CVE-2014-5033)\n\nAdditionaly a interlaced GIF display bug in KHTML was fixed.\n(kde#330148)\n\nThis update also includes a kdebase4-workspace minor version update to\n4.11.11 with various bugfixes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=819437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdm-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krandr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krandr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kwin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-kdebase4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kde4-kgreeter-plugins-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kde4-kgreeter-plugins-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-branding-upstream-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-debugsource-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-devel-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-devel-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-ksysguardd-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-ksysguardd-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-liboxygenstyle-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-liboxygenstyle-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-plasma-calendar-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdebase4-workspace-plasma-calendar-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-apidocs-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-branding-upstream-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-core-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-core-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-debugsource-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdelibs4-doc-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdm-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdm-branding-upstream-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kdm-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"krandr-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"krandr-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kwin-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kwin-debuginfo-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkde4-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkde4-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkde4-devel-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkdecore4-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkdecore4-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkdecore4-devel-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libkdecore4-devel-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libksuseinstall-devel-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libksuseinstall1-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libksuseinstall1-debuginfo-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-kdebase4-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kdebase4-workspace-liboxygenstyle-32bit-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kdebase4-workspace-liboxygenstyle-debuginfo-32bit-4.11.11-115.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libkde4-debuginfo-32bit-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libkdecore4-debuginfo-32bit-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libksuseinstall1-32bit-4.11.5-484.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libksuseinstall1-debuginfo-32bit-4.11.5-484.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs4\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:41:02", "description": "Martin Sandsmark reports :\n\nThe KAuth framework uses polkit-1 API which tries to authenticate\nusing the requestors PID. This is prone to PID reuse race conditions.\n\nThis potentially allows a malicious application to pose as another for\nauthentication purposes when executing privileged actions.", "edition": 22, "published": "2014-08-01T00:00:00", "title": "FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-08-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:kdelibs"], "id": "FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL", "href": "https://www.tenable.com/plugins/nessus/76951", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76951);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-5033\");\n\n script_name(english:\"FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin Sandsmark reports :\n\nThe KAuth framework uses polkit-1 API which tries to authenticate\nusing the requestors PID. This is prone to PID reuse race conditions.\n\nThis potentially allows a malicious application to pose as another for\nauthentication purposes when executing privileged actions.\"\n );\n # http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=kde-announce&m=140674898412923&w=2\"\n );\n # https://vuxml.freebsd.org/freebsd/2f90556f-18c6-11e4-9cc4-5453ed2e2b49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29a5384e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"kdelibs<4.12.5_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1359\n\n\nPolkit-qt is a library that lets developers use the PolicyKit API through a\nQt-styled API. The polkit-qt library is used by the KDE Authentication\nAgent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with PolicyKit\nvia a D-Bus API that is vulnerable to a race condition. A local user could\nuse this flaw to bypass intended PolicyKit authorizations. This update\nmodifies polkit-qt to communicate with PolicyKit via a different API that\nis not vulnerable to the race condition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/032709.html\n\n**Affected packages:**\npolkit-qt\npolkit-qt-devel\npolkit-qt-doc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1359.html", "edition": 3, "modified": "2014-10-06T18:04:24", "published": "2014-10-06T18:04:24", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/032709.html", "id": "CESA-2014:1359", "title": "polkit security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-5033"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2304-1\r\nJuly 31, 2014\r\n\r\nkde4libs vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nkauth could be tricked into bypassing polkit authorizations.\r\n\r\nSoftware Description:\r\n- kde4libs: KDE 4 core applications and libraries\r\n\r\nDetails:\r\n\r\nIt was discovered that kauth was using polkit in an unsafe manner. A local\r\nattacker could possibly use this issue to bypass intended polkit\r\nauthorizations.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n kdelibs5-plugins 4:4.13.2a-0ubuntu0.3\r\n\r\nUbuntu 12.04 LTS:\r\n kdelibs5-plugins 4:4.8.5-0ubuntu0.4\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2304-1\r\n CVE-2014-5033\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.13.2a-0ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.8.5-0ubuntu0.4\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:DOC:30963", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30963", "title": "[USN-2304-1] KDE-Libs vulnerability", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "\nMartin Sandsmark reports:\n\nThe KAuth framework uses polkit-1 API which tries to authenticate\n\t using the requestors PID. This is prone to PID reuse race\n\t conditions.\nThis potentially allows a malicious application to pose as another\n\t for authentication purposes when executing privileged actions.\n\n", "edition": 4, "modified": "2014-07-30T00:00:00", "published": "2014-07-30T00:00:00", "id": "2F90556F-18C6-11E4-9CC4-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/2f90556f-18c6-11e4-9cc4-5453ed2e2b49.html", "title": "kdelibs -- KAuth PID Reuse Flaw", "type": "freebsd", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
