{"id": "FEDORA:E99E5222C7", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 20 Update: audiocd-kio-4.14.1-1.fc20", "description": "Audiocd kio slave. ", "published": "2014-09-27T09:47:43", "modified": "2014-09-27T09:47:43", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2014-5033"], "lastseen": "2020-12-21T08:17:52", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-5033"]}, {"type": "fedora", "idList": ["FEDORA:27BBD222C7", "FEDORA:EFD50225C7", "FEDORA:2D6A522A1E", "FEDORA:32928222C7", "FEDORA:0E4F022A45", "FEDORA:3853722A6B", "FEDORA:720F6220D2", "FEDORA:0A84B2276E", "FEDORA:B16FC220D2", "FEDORA:0C1B3227AC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868227", "OPENVAS:1361412562310868232", "OPENVAS:1361412562310868318", "OPENVAS:1361412562310868242", "OPENVAS:1361412562310868245", "OPENVAS:1361412562310868284", "OPENVAS:1361412562310868269", "OPENVAS:1361412562310868255", "OPENVAS:1361412562310868294", "OPENVAS:1361412562310868250"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL", "FEDORA_2014-11348.NASL", "FEDORA_2014-9641.NASL", "REDHAT-RHSA-2014-1359.NASL", "OPENSUSE-2014-485.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30963"]}, {"type": "freebsd", "idList": ["2F90556F-18C6-11E4-9CC4-5453ED2E2B49"]}], "modified": "2020-12-21T08:17:52", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-12-21T08:17:52", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "20", "arch": "any", "packageName": "audiocd-kio", "packageVersion": "4.14.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T06:14:31", "description": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"", "edition": 6, "cvss3": {}, "published": "2014-08-19T18:55:00", "title": "CVE-2014-5033", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5033"], "modified": "2014-10-16T07:22:00", "cpe": ["cpe:/a:kde:kdelibs:4.12.2", "cpe:/a:kde:kdelibs:4.11.80", "cpe:/a:kde:kdelibs:4.13.1", "cpe:/a:kde:kdelibs:4.10.0", "cpe:/a:debian:kde4libs:-", "cpe:/a:kde:kdelibs:4.13.3", "cpe:/a:kde:kdelibs:4.12.80", "cpe:/a:kde:kdelibs:4.10.97", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:kde:kdelibs:4.11.5", "cpe:/a:kde:kdelibs:4.12.1", "cpe:/a:kde:kdelibs:4.10.2", "cpe:/a:kde:kdelibs:4.11.97", "cpe:/a:kde:kdelibs:4.13.2", "cpe:/a:kde:kdelibs:4.10.1", "cpe:/a:kde:kdelibs:4.12.5", "cpe:/a:kde:kauth:5.0", "cpe:/a:kde:kdelibs:4.12.97", "cpe:/a:kde:kdelibs:4.11.3", "cpe:/a:kde:kdelibs:4.10.3", "cpe:/a:kde:kdelibs:4.13.80", "cpe:/a:kde:kdelibs:4.11.90", "cpe:/a:kde:kdelibs:4.12.4", "cpe:/a:kde:kdelibs:4.12.0", "cpe:/a:kde:kdelibs:4.13.0", "cpe:/a:kde:kdelibs:4.13.95", "cpe:/a:kde:kdelibs:4.13.97", "cpe:/a:kde:kdelibs:4.12.90", "cpe:/a:kde:kdelibs:4.11.4", "cpe:/a:kde:kdelibs:4.11.2", "cpe:/a:kde:kdelibs:4.11.95", "cpe:/a:kde:kdelibs:4.13.90", "cpe:/a:kde:kdelibs:4.11.0", "cpe:/a:kde:kdelibs:4.10.95", "cpe:/a:kde:kdelibs:4.12.95", "cpe:/a:kde:kdelibs:4.12.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:kde:kdelibs:4.11.1"], "id": "CVE-2014-5033", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5033", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kauth:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "A photo album tool. Focuses on three key points: * It must be easy to describe a number of images at a time. * It must be easy to search for images. * It must be easy to browse and View the images. ", "modified": "2014-09-27T09:47:52", "published": "2014-09-27T09:47:52", "id": "FEDORA:93D4A22AB8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kphotoalbum-4.5-2.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Kdeutils metapackage, to ease migration to split applications ", "modified": "2014-09-27T09:47:47", "published": "2014-09-27T09:47:47", "id": "FEDORA:F373922787", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kdeutils-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Letter Order Game. ", "modified": "2014-09-27T09:47:44", "published": "2014-09-27T09:47:44", "id": "FEDORA:E76F5220D2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kanagram-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Touch Typing Tutor. ", "modified": "2014-09-27T09:47:49", "published": "2014-09-27T09:47:49", "id": "FEDORA:A1943225C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: ktouch-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "KCalc is a calculator which offers many more mathematical functions than meet the eye on a first glance. ", "modified": "2014-09-27T09:47:44", "published": "2014-09-27T09:47:44", "id": "FEDORA:273642276E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kcalc-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "digiKam is an easy to use and powerful digital photo management application, which makes importing, organizing and manipulating digital photos a \"snap\". An easy to use interface is provided to connect to your digital camera, preview the images and download and/or delete them. digiKam built-in image editor makes the common photo correction a simple ta sk. The image editor is extensible via plugins, can also make use of the KIPI i mage handling plugins to extend its capabilities even further for photo manipulations, import and export, etc. Install the kipi-plugins packages to use them. ", "modified": "2014-09-27T09:47:53", "published": "2014-09-27T09:47:53", "id": "FEDORA:C8BD622A1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: digikam-4.3.0-2.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "An image viewer. ", "modified": "2014-09-27T09:47:43", "published": "2014-09-27T09:47:43", "id": "FEDORA:71149222C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: gwenview-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Subsurface is an open source dive log program. Developed in C using GTK+-2.0, glib-2 and libxml-2, it relies on libdivecomputer to connect to the dive computer and thus support all the dive computer supported by libdivecomputer. ", "modified": "2014-09-27T09:47:53", "published": "2014-09-27T09:47:53", "id": "FEDORA:AF636225C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: subsurface-4.2-1.fc20.1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Internationalization support for KDE. ", "modified": "2014-09-27T09:47:44", "published": "2014-09-27T09:47:44", "id": "FEDORA:76A8E222C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kde-l10n-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Kross interpreters. ", "modified": "2014-09-27T09:47:49", "published": "2014-09-27T09:47:49", "id": "FEDORA:03AB2222C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kross-interpreters-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868279", "type": "openvas", "title": "Fedora Update for libksane FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libksane FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868279\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:47 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libksane FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"libksane on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138813.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libksane'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libksane\", rpm:\"libksane~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868278", "type": "openvas", "title": "Fedora Update for libkexiv2 FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libkexiv2 FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868278\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:52 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libkexiv2 FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"libkexiv2 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138811.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libkexiv2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libkexiv2\", rpm:\"libkexiv2~4.14.1~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868337", "type": "openvas", "title": "Fedora Update for krdc FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krdc FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868337\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:03 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for krdc FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"krdc on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138790.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krdc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"krdc\", rpm:\"krdc~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868332", "type": "openvas", "title": "Fedora Update for jovie FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for jovie FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868332\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:20 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for jovie FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"jovie on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138727.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jovie'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"jovie\", rpm:\"jovie~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868308", "type": "openvas", "title": "Fedora Update for juk FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for juk FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868308\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:11 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for juk FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"juk on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138728.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'juk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"juk\", rpm:\"juk~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868247", "type": "openvas", "title": "Fedora Update for kdnssd FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdnssd FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868247\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:47 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kdnssd FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kdnssd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138768.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdnssd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdnssd\", rpm:\"kdnssd~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868327", "type": "openvas", "title": "Fedora Update for libkcddb FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libkcddb FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868327\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:27 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libkcddb FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"libkcddb on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138807.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libkcddb'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"libkcddb\", rpm:\"libkcddb~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868222", "type": "openvas", "title": "Fedora Update for calligra-l10n FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for calligra-l10n FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868222\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 17:00:08 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for calligra-l10n FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"calligra-l10n on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138833.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'calligra-l10n'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"calligra-l10n\", rpm:\"calligra-l10n~2.8.6~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868343", "type": "openvas", "title": "Fedora Update for kde-print-manager FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kde-print-manager FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868343\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:55 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for kde-print-manager FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"kde-print-manager on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138745.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kde-print-manager'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"kde-print-manager\", rpm:\"kde-print-manager~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-10-01T00:00:00", "id": "OPENVAS:1361412562310868265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868265", "type": "openvas", "title": "Fedora Update for ruby-korundum FEDORA-2014-11448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby-korundum FEDORA-2014-11448\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868265\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:22 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-5033\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for ruby-korundum FEDORA-2014-11448\");\n script_tag(name:\"affected\", value:\"ruby-korundum on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11448\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138822.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby-korundum'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby-korundum\", rpm:\"ruby-korundum~4.14.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:13:07", "description": "updated to the new release of polkit-qt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-09-22T00:00:00", "title": "Fedora 19 : polkit-qt-0.112.0-1.fc19 (2014-9602)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-09-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:polkit-qt"], "id": "FEDORA_2014-9602.NASL", "href": "https://www.tenable.com/plugins/nessus/77771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9602.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77771);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"FEDORA\", value:\"2014-9602\");\n\n script_name(english:\"Fedora 19 : polkit-qt-0.112.0-1.fc19 (2014-9602)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"updated to the new release of polkit-qt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1094890\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137764.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52ff9bf4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected polkit-qt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"polkit-qt-0.112.0-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:12", "description": "From Red Hat Security Advisory 2014:1359 :\n\nUpdated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 21, "published": "2014-10-07T00:00:00", "title": "Oracle Linux 7 : polkit-qt (ELSA-2014-1359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-10-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:polkit-qt-devel", "p-cpe:/a:oracle:linux:polkit-qt-doc", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:polkit-qt"], "id": "ORACLELINUX_ELSA-2014-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/78072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1359 and \n# Oracle Linux Security Advisory ELSA-2014-1359 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78072);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_bugtraq_id(68771);\n script_xref(name:\"RHSA\", value:\"2014:1359\");\n\n script_name(english:\"Oracle Linux 7 : polkit-qt (ELSA-2014-1359)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1359 :\n\nUpdated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004508.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected polkit-qt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:polkit-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:polkit-qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"polkit-qt-0.103.0-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"polkit-qt-devel-0.103.0-10.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"polkit-qt-doc-0.103.0-10.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt / polkit-qt-devel / polkit-qt-doc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:15:01", "description": "Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 25, "published": "2014-10-07T00:00:00", "title": "RHEL 7 : polkit-qt (RHSA-2014:1359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-devel", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:polkit-qt", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:polkit-qt-doc"], "id": "REDHAT-RHSA-2014-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/78073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1359. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78073);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-5033\");\n script_xref(name:\"RHSA\", value:\"2014:1359\");\n\n script_name(english:\"RHEL 7 : polkit-qt (RHSA-2014:1359)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated polkit-qt packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nPolkit-qt is a library that lets developers use the PolicyKit API\nthrough a Qt-styled API. The polkit-qt library is used by the KDE\nAuthentication Agent (KAuth), which is a part of kdelibs.\n\nIt was found that polkit-qt handled authorization requests with\nPolicyKit via a D-Bus API that is vulnerable to a race condition. A\nlocal user could use this flaw to bypass intended PolicyKit\nauthorizations. This update modifies polkit-qt to communicate with\nPolicyKit via a different API that is not vulnerable to the race\ncondition. (CVE-2014-5033)\n\nAll polkit-qt users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5033\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:polkit-qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1359\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-debuginfo-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-devel-0.103.0-10.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"polkit-qt-doc-0.103.0-10.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit-qt / polkit-qt-debuginfo / polkit-qt-devel / polkit-qt-doc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:41:02", "description": "Martin Sandsmark reports :\n\nThe KAuth framework uses polkit-1 API which tries to authenticate\nusing the requestors PID. This is prone to PID reuse race conditions.\n\nThis potentially allows a malicious application to pose as another for\nauthentication purposes when executing privileged actions.", "edition": 22, "published": "2014-08-01T00:00:00", "title": "FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5033"], "modified": "2014-08-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:kdelibs"], "id": "FREEBSD_PKG_2F90556F18C611E49CC45453ED2E2B49.NASL", "href": "https://www.tenable.com/plugins/nessus/76951", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76951);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-5033\");\n\n script_name(english:\"FreeBSD : kdelibs -- KAuth PID Reuse Flaw (2f90556f-18c6-11e4-9cc4-5453ed2e2b49)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin Sandsmark reports :\n\nThe KAuth framework uses polkit-1 API which tries to authenticate\nusing the requestors PID. This is prone to PID reuse race conditions.\n\nThis potentially allows a malicious application to pose as another for\nauthentication purposes when executing privileged actions.\"\n );\n # http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=kde-announce&m=140674898412923&w=2\"\n );\n # https://vuxml.freebsd.org/freebsd/2f90556f-18c6-11e4-9cc4-5453ed2e2b49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29a5384e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"kdelibs<4.12.5_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-5033"], "description": "Kauth polkit authorization check bypass.", "edition": 1, "modified": "2014-08-04T00:00:00", "published": "2014-08-04T00:00:00", "id": "SECURITYVULNS:VULN:13893", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13893", "title": "KDE restrictions bypass", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:15:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5033"], "description": "Package : kde4libs\nVersion : 4:4.4.5-2+squeeze4\nCVE ID : CVE-2014-5033\n\nIt was discovered that KAuth, part of kdelibs, uses polkit in a way\nthat is prone to a race condition that may allow authorization bypass.\n", "edition": 9, "modified": "2014-10-24T11:43:39", "published": "2014-10-24T11:43:39", "id": "DEBIAN:DLA-76-1:76BAE", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00009.html", "title": "[SECURITY] [DLA 76-1] kde4libs security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}