{"cve": [{"lastseen": "2020-12-09T19:39:12", "description": "Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.", "edition": 5, "cvss3": {}, "published": "2011-12-10T17:55:00", "title": "CVE-2011-4349", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4349"], "modified": "2011-12-12T05:00:00", "cpe": ["cpe:/a:freedesktop:colord:0.1.6", "cpe:/a:freedesktop:colord:0.1.13", "cpe:/a:freedesktop:colord:0.1.8", "cpe:/a:freedesktop:colord:0.1.4", "cpe:/a:freedesktop:colord:0.1.3", "cpe:/a:freedesktop:colord:0.1.1", "cpe:/a:freedesktop:colord:0.1.2", "cpe:/a:freedesktop:colord:0.1.11", "cpe:/a:freedesktop:colord:0.1.10", "cpe:/a:freedesktop:colord:0.1.9", "cpe:/a:freedesktop:colord:0.1.12", "cpe:/a:freedesktop:colord:0.1.5", "cpe:/a:freedesktop:colord:0.1.7", "cpe:/a:freedesktop:colord:0.1.14", "cpe:/a:freedesktop:colord:0.1.0"], "id": "CVE-2011-4349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4349", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freedesktop:colord:0.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:freedesktop:colord:0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:colord:0.1.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T01:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4349"], "description": "It was discovered that colord incorrectly handled certain SQL queries. A \nlocal attacker could exploit this to modify arbitrary sqlite databases. On \nUbuntu, colord runs as its own user by default, so standard file \npermissions would limit which databases could be altered.", "edition": 5, "modified": "2011-12-07T00:00:00", "published": "2011-12-07T00:00:00", "id": "USN-1289-1", "href": "https://ubuntu.com/security/notices/USN-1289-1", "title": "colord vulnerability", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-06T13:07:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "Check for the Version of colord", "modified": "2018-01-05T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:864058", "href": "http://plugins.openvas.org/nasl.php?oid=864058", "type": "openvas", "title": "Fedora Update for colord FEDORA-2011-16453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for colord FEDORA-2011-16453\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"colord on Fedora 16\";\ntag_insight = \"colord is a low level system activated daemon that maps color devices\n to color profiles in the system context.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html\");\n script_id(864058);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:10 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4349\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-16453\");\n script_name(\"Fedora Update for colord FEDORA-2011-16453\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of colord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"colord\", rpm:\"colord~0.1.15~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "The remote host is missing an update for the 'colord' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-12-05T00:00:00", "id": "OPENVAS:1361412562310863652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863652", "type": "openvas", "title": "Fedora Update for colord FEDORA-2011-16451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for colord FEDORA-2011-16451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863652\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:17:54 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-16451\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4349\");\n script_name(\"Fedora Update for colord FEDORA-2011-16451\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'colord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"colord on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"colord\", rpm:\"colord~0.1.15~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "The remote host is missing an update for the 'colord' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310864058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864058", "type": "openvas", "title": "Fedora Update for colord FEDORA-2011-16453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for colord FEDORA-2011-16453\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864058\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:10 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4349\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-16453\");\n script_name(\"Fedora Update for colord FEDORA-2011-16453\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'colord'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"colord on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"colord\", rpm:\"colord~0.1.15~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1289-1", "modified": "2019-03-13T00:00:00", "published": "2012-03-16T00:00:00", "id": "OPENVAS:1361412562310840936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840936", "type": "openvas", "title": "Ubuntu Update for colord USN-1289-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1289_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for colord USN-1289-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1289-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840936\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:08 +0530 (Fri, 16 Mar 2012)\");\n script_cve_id(\"CVE-2011-4349\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1289-1\");\n script_name(\"Ubuntu Update for colord USN-1289-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1289-1\");\n script_tag(name:\"affected\", value:\"colord on Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that colord incorrectly handled certain SQL queries. A\n local attacker could exploit this to modify arbitrary sqlite databases. 
On\n Ubuntu, colord runs as its own user by default, so standard file\n permissions would limit which databases could be altered.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"colord\", ver:\"0.1.12-1ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:21:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1289-1", "modified": "2017-12-01T00:00:00", "published": "2012-03-16T00:00:00", "id": "OPENVAS:840936", "href": "http://plugins.openvas.org/nasl.php?oid=840936", "type": "openvas", "title": "Ubuntu Update for colord USN-1289-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1289_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for colord USN-1289-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that colord incorrectly handled certain SQL queries. A\n local attacker could exploit this to modify arbitrary sqlite databases. On\n Ubuntu, colord runs as its own user by default, so standard file\n permissions would limit which databases could be altered.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1289-1\";\ntag_affected = \"colord on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1289-1/\");\n script_id(840936);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 10:51:08 +0530 (Fri, 16 Mar 2012)\");\n script_cve_id(\"CVE-2011-4349\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1289-1\");\n script_name(\"Ubuntu Update for colord USN-1289-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , 
value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"colord\", ver:\"0.1.12-1ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "description": "Check for the Version of colord", "modified": "2017-07-10T00:00:00", "published": "2011-12-05T00:00:00", "id": "OPENVAS:863652", "href": "http://plugins.openvas.org/nasl.php?oid=863652", "type": "openvas", "title": "Fedora Update for colord FEDORA-2011-16451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for colord FEDORA-2011-16451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"colord on Fedora 15\";\ntag_insight = \"colord is a low level system activated daemon that maps color devices\n to color profiles in the system context.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html\");\n script_id(863652);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:17:54 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-16451\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4349\");\n script_name(\"Fedora Update for colord FEDORA-2011-16451\");\n\n script_summary(\"Check for the Version of colord\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"colord\", rpm:\"colord~0.1.15~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-4349"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1289-1\r\nDecember 07, 2011\r\n\r\ncolord vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n\r\nSummary:\r\n\r\ncolord could be made to modify databases.\r\n\r\nSoftware Description:\r\n- colord: Service to manage device colour profiles\r\n\r\nDetails:\r\n\r\nIt was discovered that colord incorrectly handled certain SQL queries. A\r\nlocal attacker could exploit this to modify arbitrary sqlite databases. 
On\r\nUbuntu, colord runs as its own user by default, so standard file\r\npermissions would limit which databases could be altered.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n colord 0.1.12-1ubuntu2.1\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1289-1\r\n CVE-2011-4349\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1\r\n", "edition": 1, "modified": "2011-12-12T00:00:00", "published": "2011-12-12T00:00:00", "id": "SECURITYVULNS:DOC:27433", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27433", "title": "[USN-1289-1] colord vulnerability", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T04:00:48", "description": " - Update to version 0.1.15 :\n\n + This release fixes an important security bug:\n CVE-2011-4349.\n\n + New Features :\n\n - Add a native driver for the Hughski ColorHug hardware\n\n - Export cd-math as three projects are now using it\n\n + Bugfixes :\n\n - Documentation fixes and improvements\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Do not match any sensor device with a kernel driver\n\n - Don't be obscure when the user passes a device-id to\n colormgr\n\n - Fix a memory leak when getting properties from a device\n\n - Fix colormgr device-get-default-profile\n\n - Fix some connection bugs in colormgr\n\n - Fix some potential SQL injections\n\n - Make gusb optional\n\n - Only use the udev USB helper if the PID and VID have\n matches\n\n - Output the Huey calibration matrices when dumping the\n sensor\n\n - Changes from version 0.1.14 :\n\n + New Features :\n\n - Add defines for the i1 Display 3\n\n - Add two more DATA_source values to the 
specification\n\n - Align the output from colormgr get-devices and\n get-profiles\n\n - Allow cd-fix-profile to append and edit new metadata\n\n + Bugfixes :\n\n - Ensure non-native device are added with no driver module\n\n - Split the sensor and device udev code\n\n + Updated translations.\n\n - Run the colord daemon as user colord :\n\n + Add colord-polkit-annotate-owner.patch: add\n org.freedesktop.policykit.owner annotations to policy\n file so that running as colord user works.\n\n + Add a %pre script to create the colord user.\n\n + Add pwdutils Requires(pre), to make sure we can create\n the user.\n\n + Pass --with-daemon-user=colord to configure.\n\n + Package /var/lib/colord with the right user.\n\n + Add calls to autoreconf and intltoolize, as needed by\n above patch.", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : colord (openSUSE-2011-57)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcolord1-32bit", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:colord", "p-cpe:/a:novell:opensuse:colord-lang", "p-cpe:/a:novell:opensuse:colord-debuginfo", "p-cpe:/a:novell:opensuse:libcolord1-debuginfo", "p-cpe:/a:novell:opensuse:colord-debugsource", "p-cpe:/a:novell:opensuse:libcolord1", "p-cpe:/a:novell:opensuse:libcolord1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcolord-devel"], "id": "OPENSUSE-2011-57.NASL", "href": "https://www.tenable.com/plugins/nessus/74530", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-57.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74530);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/25 13:36:40\");\n\n 
script_cve_id(\"CVE-2011-4349\");\n\n script_name(english:\"openSUSE Security Update : colord (openSUSE-2011-57)\");\n script_summary(english:\"Check for the openSUSE-2011-57 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to version 0.1.15 :\n\n + This release fixes an important security bug:\n CVE-2011-4349.\n\n + New Features :\n\n - Add a native driver for the Hughski ColorHug hardware\n\n - Export cd-math as three projects are now using it\n\n + Bugfixes :\n\n - Documentation fixes and improvements\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Do not match any sensor device with a kernel driver\n\n - Don't be obscure when the user passes a device-id to\n colormgr\n\n - Fix a memory leak when getting properties from a device\n\n - Fix colormgr device-get-default-profile\n\n - Fix some conection bugs in colormgr\n\n - Fix some potential SQL injections\n\n - Make gusb optional\n\n - Only use the udev USB helper if the PID and VID have\n matches\n\n - Output the Huey calibration matrices when dumping the\n sensor\n\n - Changes from version 0.1.14 :\n\n + New Features :\n\n - Add defines for the i1 Display 3\n\n - Add two more DATA_source values to the specification\n\n - Align the output from colormgr get-devices and\n get-profiles\n\n - Allow cd-fix-profile to append and edit new metadata\n\n + Bugfixes :\n\n - Ensure non-native device are added with no driver module\n\n - Split the sensor and device udev code\n\n + Updated translations.\n\n - Run the colord daemon as user colord :\n\n + Add colord-polkit-annotate-owner.patch: add\n org.freedesktop.policykit.owner annotations to policy\n file so that running as colord user works.\n\n + Add a %pre script to create the colord user.\n\n + Add pwdutils Requires(pre), to make sure we can create\n the user.\n\n + Pass 
--with-daemon-user=colord to configure.\n\n + Package /var/lib/colord with the right user.\n\n + Add calls to autoreconf and intltoolize, as needed by\n above patch.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732996\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected colord packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:colord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:colord-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:colord-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:colord-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcolord-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcolord1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcolord1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcolord1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcolord1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", 
\"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"colord-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"colord-debuginfo-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"colord-debugsource-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"colord-lang-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcolord-devel-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcolord1-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcolord1-debuginfo-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcolord1-32bit-0.1.15-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcolord1-debuginfo-32bit-0.1.15-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"colord / colord-debuginfo / colord-debugsource / colord-lang / etc\");\n}\n", "cvss": {"score": 4.6, "vector": 
"AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:37:11", "description": "It was discovered that colord incorrectly handled certain SQL queries.\nA local attacker could exploit this to modify arbitrary sqlite\ndatabases. On Ubuntu, colord runs as its own user by default, so\nstandard file permissions would limit which databases could be\naltered.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-12-08T00:00:00", "title": "Ubuntu 11.10 : colord vulnerability (USN-1289-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:colord", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1289-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1289-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57047);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4349\");\n script_bugtraq_id(50814);\n script_xref(name:\"USN\", value:\"1289-1\");\n\n script_name(english:\"Ubuntu 11.10 : colord vulnerability (USN-1289-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that colord incorrectly handled certain SQL queries.\nA local attacker could exploit this to modify arbitrary sqlite\ndatabases. On Ubuntu, colord runs as its own user by default, so\nstandard file permissions would limit which databases could be\naltered.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1289-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected colord package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:colord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"colord\", pkgver:\"0.1.12-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"colord\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:21", "description": " - New upstream version\n\n - This release fixes an important security bug:\n CVE-2011-4349.\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Fix a memory leak when getting properties from a\n device\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-12-05T00:00:00", "title": "Fedora 16 : colord-0.1.15-1.fc16 (2011-16453)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "modified": "2011-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:colord", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-16453.NASL", "href": "https://www.tenable.com/plugins/nessus/57004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-16453.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57004);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4349\");\n script_xref(name:\"FEDORA\", value:\"2011-16453\");\n\n script_name(english:\"Fedora 16 : colord-0.1.15-1.fc16 (2011-16453)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New upstream version\n\n - This release fixes an important security bug:\n CVE-2011-4349.\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Fix a memory leak when getting properties from a\n device\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=757171\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09ef5193\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected colord package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:colord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"colord-0.1.15-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"colord\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:21", "description": " - New rebased upstream version.\n\n - This release fixes an important security bug:\n CVE-2011-4349.\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Fix a memory leak when getting properties from a\n device\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-12-05T00:00:00", "title": "Fedora 15 : colord-0.1.15-1.fc15 (2011-16451)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4349"], "modified": "2011-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:colord", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-16451.NASL", "href": "https://www.tenable.com/plugins/nessus/57003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-16451.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57003);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4349\");\n script_xref(name:\"FEDORA\", value:\"2011-16451\");\n\n script_name(english:\"Fedora 15 : colord-0.1.15-1.fc15 (2011-16451)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New rebased upstream version.\n\n - This release fixes an important security bug:\n CVE-2011-4349.\n\n - Do not crash the daemon if adding the device to the db\n failed\n\n - Fix a memory leak when getting properties from a\n device\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=757173\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4fb8aa5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected colord package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:colord\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"colord-0.1.15-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"colord\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4349"], "description": "colord is a low level system activated daemon that maps color devices to color profiles in the system context. ", "modified": "2011-12-04T02:46:55", "published": "2011-12-04T02:46:55", "id": "FEDORA:B78AC20EBB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: colord-0.1.15-1.fc16", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}