{"cve": [{"lastseen": "2021-02-02T06:06:50", "description": "kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message.", "edition": 6, "cvss3": {}, "published": "2014-02-05T19:55:00", "title": "CVE-2013-2074", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2074"], "modified": "2014-02-25T00:26:00", "cpe": ["cpe:/a:kde:kdelibs:4.10.0", "cpe:/a:kde:kdelibs:4.10.2", "cpe:/a:kde:kdelibs:4.10.1", "cpe:/a:kde:kdelibs:4.10.3"], "id": "CVE-2013-2074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2074", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:52:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "Check for the Version of kdelibs3", "modified": "2017-07-10T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:865649", "href": "http://plugins.openvas.org/nasl.php?oid=865649", "type": "openvas", "title": "Fedora Update for kdelibs3 FEDORA-2013-8689", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for 
kdelibs3 FEDORA-2013-8689\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"kdelibs3 on Fedora 17\";\ntag_insight = \"Libraries for KDE 3:\n KDE Libraries included: kdecore (KDE core library), kdeui (user interface),\n kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),\n kspell (spelling checker), jscript (javascript), kab (addressbook),\n kimgio (image manipulation).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865649);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:48:56 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for kdelibs3 FEDORA-2013-8689\");\n\n script_xref(name: \"FEDORA\", value: \"2013-8689\");\n script_xref(name: \"URL\" , value: 
\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106930.html\");\n script_summary(\"Check for the Version of kdelibs3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.5.10~53.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-02-06T13:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "Check for the Version of kde4libs", "modified": "2018-02-05T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:841440", "href": "http://plugins.openvas.org/nasl.php?oid=841440", "type": "openvas", "title": "Ubuntu Update for kde4libs USN-1842-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1842_1.nasl 8672 2018-02-05 16:39:18Z teissa $\n#\n# Ubuntu Update for kde4libs USN-1842-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"kde4libs on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\ntag_insight = \"It was discovered that KIO would sometimes display web authentication\n credentials under certain error conditions. If a user were tricked into\n opening a specially crafted web page, an attacker could potentially exploit\n this to expose confidential information.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841440);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:57:45 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for kde4libs USN-1842-1\");\n\n script_xref(name: \"USN\", value: \"1842-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1842-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of kde4libs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.8.5-0ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.9.5-0ubuntu0.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.10.2-0ubuntu2.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-02-05T11:10:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "Check for the Version of kdelibs3", "modified": "2018-02-03T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:865662", "href": "http://plugins.openvas.org/nasl.php?oid=865662", "type": "openvas", "title": "Fedora Update for kdelibs3 FEDORA-2013-8717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdelibs3 FEDORA-2013-8717\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"kdelibs3 on Fedora 18\";\ntag_insight = \"Libraries for KDE 3:\n KDE Libraries included: kdecore (KDE core library), kdeui (user interface),\n kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),\n kspell (spelling checker), jscript (javascript), kab (addressbook),\n kimgio (image manipulation).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865662);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:49:34 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for kdelibs3 FEDORA-2013-8717\");\n\n script_xref(name: \"FEDORA\", value: \"2013-8717\");\n script_xref(name: \"URL\" , value: 
\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106956.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of kdelibs3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.5.10~53.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310841440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841440", "type": "openvas", "title": "Ubuntu Update for kde4libs USN-1842-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1842_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for kde4libs USN-1842-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841440\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:57:45 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for kde4libs USN-1842-1\");\n\n script_xref(name:\"USN\", value:\"1842-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1842-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kde4libs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|12\\.10|13\\.04)\");\n script_tag(name:\"affected\", value:\"kde4libs on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 
12.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that KIO would sometimes display web authentication\n credentials under certain error conditions. If a user were tricked into\n opening a specially crafted web page, an attacker could potentially exploit\n this to expose confidential information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.8.5-0ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.9.5-0ubuntu0.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.10.2-0ubuntu2.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310865649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865649", "type": "openvas", "title": "Fedora Update for kdelibs3 FEDORA-2013-8689", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
Fedora Update for kdelibs3 FEDORA-2013-8689\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865649\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:48:56 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for kdelibs3 FEDORA-2013-8689\");\n script_xref(name:\"FEDORA\", value:\"2013-8689\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106930.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdelibs3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"kdelibs3 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.5.10~53.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310865662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865662", "type": "openvas", "title": "Fedora Update for kdelibs3 FEDORA-2013-8717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdelibs3 FEDORA-2013-8717\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865662\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:49:34 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-2074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for kdelibs3 FEDORA-2013-8717\");\n script_xref(name:\"FEDORA\", value:\"2013-8717\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106956.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdelibs3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"kdelibs3 on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.5.10~53.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:08:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074", "CVE-2017-8422", "CVE-2017-6410"], "description": "Several vulnerabilities were discovered in kde4libs, the core libraries\nfor all KDE 4 applications. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2017-6410\n\nItzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\nreported that URLs are not sanitized before passing them to\nFindProxyForURL, potentially allowing a remote attacker to obtain\nsensitive information via a crafted PAC file.\n\nCVE-2017-8422\n\nSebastian Krahmer from SUSE discovered that the KAuth framework\ncontains a logic flaw in which the service invoking dbus is not\nproperly checked. 
This flaw allows spoofing the identity of the\ncaller and gaining root privileges from an unprivileged account.\n\nCVE-2013-2074\n\nIt was discovered that KIO would show web authentication\ncredentials in some error cases.", "modified": "2020-01-29T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310890952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890952", "type": "openvas", "title": "Debian LTS: Security Advisory for kde4libs (DLA-952-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890952\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2013-2074\", \"CVE-2017-6410\", \"CVE-2017-8422\");\n script_name(\"Debian LTS: Security Advisory for kde4libs (DLA-952-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00023.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"kde4libs on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4:4.8.4-4+deb7u3.\n\nWe recommend that you upgrade your kde4libs packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in kde4libs, the core libraries\nfor all KDE 4 applications. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2017-6410\n\nItzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\nreported that URLs are not sanitized before passing them to\nFindProxyForURL, potentially allowing a remote attacker to obtain\nsensitive information via a crafted PAC file.\n\nCVE-2017-8422\n\nSebastian Krahmer from SUSE discovered that the KAuth framework\ncontains a logic flaw in which the service invoking dbus is not\nproperly checked. This flaw allows spoofing the identity of the\ncaller and gaining root privileges from an unprivileged account.\n\nCVE-2013-2074\n\nIt was discovered that KIO would show web authentication\ncredentials in some error cases.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"kdelibs-bin\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"kdelibs5-data\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"kdelibs5-dbg\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"kdelibs5-dev\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"kdelibs5-plugins\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"kdoctools\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkcmutils4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkde3support4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdeclarative5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdecore5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdesu5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdeui5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdewebkit5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdnssd4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkemoticons4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkfile4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkhtml5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkidletime4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkimproxy4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkjsapi4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkjsembed4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkmediaplayer4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libknewstuff2-4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libknewstuff3-4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libknotifyconfig4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"libkntlm4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkparts4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkprintutils4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkpty4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkrosscore4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkrossui4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libktexteditor4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkunitconversion4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkutils4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnepomuk4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnepomukquery4a\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnepomukutils4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libplasma3\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsolid4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libthreadweaver4\", ver:\"4:4.8.4-4+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074", "CVE-2014-3494", 
"CVE-2011-1094", "CVE-2011-3365"], "description": "Gentoo Linux Local Security Checks GLSA 201406-34", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121237", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-34", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-34.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121237\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:37 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-34\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in KDE Libraries. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-34\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-3365\", \"CVE-2013-2074\", \"CVE-2014-3494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-34\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"kde-base/kdelibs\", unaffected: make_list(\"ge 4.12.5-r1\"), vulnerable: make_list(\"lt 4.12.5-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-2074"], "description": "User's credentials are incorrectly requested under some conditions.", "edition": 1, "modified": "2013-06-04T00:00:00", "published": "2013-06-04T00:00:00", "id": "SECURITYVULNS:VULN:13105", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13105", "title": "kde4libs information leakage", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": 
["CVE-2013-2074"], "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1842-1\r\nMay 29, 2013\r\n\r\nkde4libs vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nKDE-Libs could be made to expose web credentials.\r\n\r\nSoftware Description:\r\n- kde4libs: KDE 4 core applications and libraries\r\n\r\nDetails:\r\n\r\nIt was discovered that KIO would sometimes display web authentication\r\ncredentials under certain error conditions. If a user were tricked into\r\nopening a specially crafted web page, an attacker could potentially exploit\r\nthis to expose confidential information.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.04:\r\n libkio5 4:4.10.2-0ubuntu2.2\r\n\r\nUbuntu 12.10:\r\n libkio5 4:4.9.5-0ubuntu0.2\r\n\r\nUbuntu 12.04 LTS:\r\n libkio5 4:4.8.5-0ubuntu0.2\r\n\r\nAfter a standard system update you need to restart any applications that\r\nuse KIO from KDE-Libs, such as Konqueror, to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1842-1\r\n CVE-2013-2074\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.10.2-0ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.9.5-0ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.8.5-0ubuntu0.2\r\n", "edition": 1, "modified": "2013-06-04T00:00:00", "published": "2013-06-04T00:00:00", "id": "SECURITYVULNS:DOC:29444", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:29444", "title": "[USN-1842-1] KDE-Libs vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074"], "description": "Libraries for KDE 3: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). ", "modified": "2013-05-29T00:58:25", "published": "2013-05-29T00:58:25", "id": "FEDORA:DCD762161F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kdelibs3-3.5.10-53.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074"], "description": "Libraries for KDE 3: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). ", "modified": "2013-05-27T03:28:07", "published": "2013-05-27T03:28:07", "id": "FEDORA:90927212A3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: kdelibs3-3.5.10-53.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074"], "description": "It was discovered that KIO would sometimes display web authentication \ncredentials under certain error conditions. 
If a user were tricked into \nopening a specially crafted web page, an attacker could potentially exploit \nthis to expose confidential information.", "edition": 5, "modified": "2013-05-29T00:00:00", "published": "2013-05-29T00:00:00", "id": "USN-1842-1", "href": "https://ubuntu.com/security/notices/USN-1842-1", "title": "KDE-Libs vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:11:57", "description": "This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-05-29T00:00:00", "title": "Fedora 17 : kdelibs3-3.5.10-53.fc17 (2013-8689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "modified": "2013-05-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:kdelibs3"], "id": "FEDORA_2013-8689.NASL", "href": "https://www.tenable.com/plugins/nessus/66650", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-8689.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66650);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2074\");\n script_bugtraq_id(59808);\n script_xref(name:\"FEDORA\", value:\"2013-8689\");\n\n script_name(english:\"Fedora 17 : kdelibs3-3.5.10-53.fc17 (2013-8689)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=961981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/106930.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd747d9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 
Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"kdelibs3-3.5.10-53.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:11:57", "description": "This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-05-29T00:00:00", "title": "Fedora 18 : kdelibs3-3.5.10-53.fc18 (2013-8717)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "modified": "2013-05-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:kdelibs3"], "id": "FEDORA_2013-8717.NASL", "href": "https://www.tenable.com/plugins/nessus/66655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-8717.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66655);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2074\");\n script_bugtraq_id(59808);\n script_xref(name:\"FEDORA\", value:\"2013-8717\");\n\n script_name(english:\"Fedora 18 : kdelibs3-3.5.10-53.fc18 (2013-8717)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=961981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/106956.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68429513\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"kdelibs3-3.5.10-53.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:11:57", "description": "This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-05-28T00:00:00", "title": "Fedora 19 : kdelibs3-3.5.10-53.fc19 (2013-8625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "modified": "2013-05-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:kdelibs3"], "id": "FEDORA_2013-8625.NASL", "href": "https://www.tenable.com/plugins/nessus/66607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-8625.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66607);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2074\");\n script_bugtraq_id(59808);\n script_xref(name:\"FEDORA\", value:\"2013-8625\");\n\n script_name(english:\"Fedora 19 : kdelibs3-3.5.10-53.fc19 (2013-8625)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a low-impact security issue in the KDE 3\ncompatibility (kdelibs3) version of kio_http where it would print\npasswords contained in HTTP URLs in error and debugging messages\n(CVE-2013-2074).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=961981\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/106784.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b380ec93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"kdelibs3-3.5.10-53.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-04-01T07:22:29", "description": "It was discovered that KIO would sometimes display web authentication\ncredentials under certain error conditions. If a user were tricked\ninto opening a specially crafted web page, an attacker could\npotentially exploit this to expose confidential information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-05-30T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : kde4libs vulnerability (USN-1842-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkio5", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1842-1.NASL", "href": "https://www.tenable.com/plugins/nessus/66691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1842-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66691);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-2074\");\n script_bugtraq_id(59808);\n script_xref(name:\"USN\", value:\"1842-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 : kde4libs vulnerability (USN-1842-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that KIO would sometimes display web authentication\ncredentials under certain error conditions. If a user were tricked\ninto opening a specially crafted web page, an attacker could\npotentially exploit this to expose confidential information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1842-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libkio5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkio5\", pkgver:\"4:4.8.5-0ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libkio5\", pkgver:\"4:4.9.5-0ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libkio5\", pkgver:\"4:4.10.2-0ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libkio5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:44:29", "description": "Several vulnerabilities were discovered in kde4libs, the core\nlibraries for all KDE 4 applications. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\nCVE-2017-6410\n\nItzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\nreported that URLs are not sanitized before passing them to\nFindProxyForURL, potentially allowing a remote attacker to obtain\nsensitive information via a crafted PAC file.\n\nCVE-2017-8422\n\nSebastian Krahmer from SUSE discovered that the KAuth framework\ncontains a logic flaw in which the service invoking dbus is not\nproperly checked. 
This flaw allows spoofing the identity of the caller\nand gaining root privileges from an unprivileged account.\n\nCVE-2013-2074\n\nIt was discovered that KIO would show web authentication credentials\nin some error cases.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4:4.8.4-4+deb7u3.\n\nWe recommend that you upgrade your kde4libs packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-26T00:00:00", "title": "Debian DLA-952-1 : kde4libs security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074", "CVE-2017-8422", "CVE-2017-6410"], "modified": "2017-05-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libkprintutils4", "p-cpe:/a:debian:debian_linux:libkde3support4", "p-cpe:/a:debian:debian_linux:libkio5", "p-cpe:/a:debian:debian_linux:libkemoticons4", "p-cpe:/a:debian:debian_linux:libkrosscore4", "p-cpe:/a:debian:debian_linux:kdelibs5-plugins", "p-cpe:/a:debian:debian_linux:libknewstuff2-4", "p-cpe:/a:debian:debian_linux:libnepomukutils4", "p-cpe:/a:debian:debian_linux:libkjsembed4", "p-cpe:/a:debian:debian_linux:libnepomuk4", "p-cpe:/a:debian:debian_linux:libkdecore5", "p-cpe:/a:debian:debian_linux:libkhtml5", "p-cpe:/a:debian:debian_linux:libkutils4", "p-cpe:/a:debian:debian_linux:kdelibs5-dbg", "p-cpe:/a:debian:debian_linux:libkdewebkit5", "p-cpe:/a:debian:debian_linux:kdelibs-bin", "p-cpe:/a:debian:debian_linux:libknewstuff3-4", "p-cpe:/a:debian:debian_linux:kdelibs5-data", "p-cpe:/a:debian:debian_linux:libkunitconversion4", "p-cpe:/a:debian:debian_linux:libkntlm4", "p-cpe:/a:debian:debian_linux:libknotifyconfig4", "p-cpe:/a:debian:debian_linux:libnepomukquery4a", 
"p-cpe:/a:debian:debian_linux:libthreadweaver4", "p-cpe:/a:debian:debian_linux:libktexteditor4", "p-cpe:/a:debian:debian_linux:libkimproxy4", "p-cpe:/a:debian:debian_linux:libkrossui4", "p-cpe:/a:debian:debian_linux:kdelibs5-dev", "p-cpe:/a:debian:debian_linux:libkjsapi4", "p-cpe:/a:debian:debian_linux:libkfile4", "p-cpe:/a:debian:debian_linux:libkidletime4", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libkdnssd4", "p-cpe:/a:debian:debian_linux:libkpty4", "p-cpe:/a:debian:debian_linux:libsolid4", "p-cpe:/a:debian:debian_linux:libkdeui5", "p-cpe:/a:debian:debian_linux:libkdesu5", "p-cpe:/a:debian:debian_linux:libkmediaplayer4", "p-cpe:/a:debian:debian_linux:libkparts4", "p-cpe:/a:debian:debian_linux:libkcmutils4", "p-cpe:/a:debian:debian_linux:libplasma3", "p-cpe:/a:debian:debian_linux:kdoctools", "p-cpe:/a:debian:debian_linux:libkdeclarative5"], "id": "DEBIAN_DLA-952.NASL", "href": "https://www.tenable.com/plugins/nessus/100431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-952-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100431);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2074\", \"CVE-2017-6410\", \"CVE-2017-8422\");\n script_bugtraq_id(59808);\n\n script_name(english:\"Debian DLA-952-1 : kde4libs security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in kde4libs, the core\nlibraries for all KDE 4 applications. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\nCVE-2017-6410\n\nItzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\nreported that URLs are not sanitized before passing them to\nFindProxyForURL, potentially allowing a remote attacker to obtain\nsensitive information via a crafted PAC file.\n\nCVE-2017-8422\n\nSebastian Krahmer from SUSE discovered that the KAuth framework\ncontains a logic flaw in which the service invoking dbus is not\nproperly checked. This flaw allows spoofing the identity of the caller\nand gaining root privileges from an unprivileged account.\n\nCVE-2013-2074\n\nIt was discovered that KIO would show web authentication credentials\nin some error cases.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4:4.8.4-4+deb7u3.\n\nWe recommend that you upgrade your kde4libs packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/kde4libs\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs5-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdoctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkcmutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkde3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdeclarative5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdecore5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libkdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkemoticons4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkhtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkidletime4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknewstuff2-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknewstuff3-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libknotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkprintutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrosscore4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrossui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnepomukquery4a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnepomukutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libplasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsolid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libthreadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", 
prefix:\"kdelibs-bin\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-data\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-dbg\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-dev\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdelibs5-plugins\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"kdoctools\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkcmutils4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkde3support4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdeclarative5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdecore5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdesu5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdeui5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdewebkit5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdnssd4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkemoticons4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkfile4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkhtml5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkidletime4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkimproxy4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkio5\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkjsapi4\", 
reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkjsembed4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkmediaplayer4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknewstuff2-4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknewstuff3-4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libknotifyconfig4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkntlm4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkparts4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkprintutils4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkpty4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrosscore4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrossui4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libktexteditor4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkunitconversion4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkutils4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomuk4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomukquery4a\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnepomukutils4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libplasma3\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsolid4\", reference:\"4:4.8.4-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libthreadweaver4\", 
reference:\"4:4.8.4-4+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:56", "description": "The remote host is affected by the vulnerability described in GLSA-201406-34\n(KDE Libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Libraries. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause a man-in-the-middle attack via any\n certificate issued by a legitimate certification authority. Furthermore,\n a local attacker may gain knowledge of user passwords through an\n information leak.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-06-30T00:00:00", "title": "GLSA-201406-34 : KDE Libraries: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2074", "CVE-2014-3494", "CVE-2011-1094", "CVE-2011-3365"], "modified": "2014-06-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201406-34.NASL", "href": "https://www.tenable.com/plugins/nessus/76305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-34.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76305);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-3365\", \"CVE-2013-2074\", \"CVE-2014-3494\");\n script_bugtraq_id(46789, 49925, 59808, 68113);\n script_xref(name:\"GLSA\", value:\"201406-34\");\n\n script_name(english:\"GLSA-201406-34 : KDE Libraries: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-34\n(KDE Libraries: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Libraries. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could cause a man-in-the-middle attack via any\n certificate issued by a legitimate certification authority. 
Furthermore,\n a local attacker may gain knowledge of user passwords through an\n information leak.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-34\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdelibs-4.12.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 4.12.5-r1\"), vulnerable:make_list(\"lt 4.12.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Libraries\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074", "CVE-2017-8422", "CVE-2017-6410"], "description": "Package : kde4libs\nVersion : 4:4.8.4-4+deb7u3\nCVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422\nDebian Bug : 856890\n\nSeveral vulnerabilities were discovered in kde4libs, the core libraries\nfor all KDE 4 applications. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2017-6410\n\n Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\n reported that URLs are not sanitized before passing them to\n FindProxyForURL, potentially allowing a remote attacker to obtain\n sensitive information via a crafted PAC file.\n\nCVE-2017-8422\n\n Sebastian Krahmer from SUSE discovered that the KAuth framework\n contains a logic flaw in which the service invoking dbus is not\n properly checked. This flaw allows spoofing the identity of the\n caller and gaining root privileges from an unprivileged account.\n\nCVE-2013-2074\n\n It was discovered that KIO would show web authentication\n credentials in some error cases.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n4:4.8.4-4+deb7u3.\n\nWe recommend that you upgrade your kde4libs packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-05-25T16:25:46", "published": "2017-05-25T16:25:46", "id": "DEBIAN:DLA-952-1:E72E9", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201705/msg00023.html", "title": "[SECURITY] [DLA 952-1] kde4libs security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2074", "CVE-2014-3494", "CVE-2011-1094", "CVE-2011-3365"], "edition": 1, "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could cause a man-in-the-middle attack via any certificate issued by a legitimate certification authority. Furthermore, a local attacker may gain knowledge of user passwords through an information leak. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll KDE users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdelibs-4.12.5-r1\"", "modified": "2014-06-29T00:00:00", "published": "2014-06-29T00:00:00", "id": "GLSA-201406-34", "href": "https://security.gentoo.org/glsa/201406-34", "type": "gentoo", "title": "KDE Libraries: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}