ID FEDORA_2010-11506.NASL Type nessus Reporter Tenable Modified 2018-07-12T00:00:00
Description
Fix for security issue: remote command execution.
https://svn.kvirc.de/kvirc/ticket/858
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-11506.
#
include("compat.inc");
if (description)
{
script_id(48207);
script_version("1.11");
script_cvs_date("Date: 2018/07/12 15:01:51");
script_cve_id("CVE-2010-2785");
script_bugtraq_id(42026);
script_xref(name:"FEDORA", value:"2010-11506");
script_name(english:"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Fix for security issue: remote command execution.
https://svn.kvirc.de/kvirc/ticket/858
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1a7d414f"
);
script_set_attribute(
attribute:"see_also",
value:"https://svn.kvirc.de/kvirc/ticket/858"
);
script_set_attribute(attribute:"solution", value:"Update the affected kvirc package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kvirc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
script_set_attribute(attribute:"patch_publication_date", value:"2010/07/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC13", reference:"kvirc-4.0.0-3.fc13")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kvirc");
}
{"id": "FEDORA_2010-11506.NASL", "bulletinFamily": "scanner", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-08-02T00:00:00", "modified": "2018-07-12T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "reporter": "Tenable", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "cvelist": ["CVE-2010-2785"], "type": "nessus", "lastseen": "2018-09-01T23:49:51", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:13"], "cvelist": ["CVE-2010-2785"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4cb39d13e2ed75b59bebc7706839dffb8ee47e599c3f572fda4aca5d4d78fbd0", "hashmap": [{"hash": "3e5e2456ee54d29a48327bec8db248eb", "key": "cvelist"}, {"hash": "3dfc20df8217703e7233c770fb10b97a", "key": "pluginID"}, {"hash": "263019388a8fca45f39dfc85e4cb47f2", "key": "sourceData"}, {"hash": "9a3707fbda14f6b2d4590eb4c55f6096", "key": "references"}, {"hash": "63c1892e5df8d995e94d8ad2b0534e99", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b4046178da007ca1af9cfd362d11f336", "key": "href"}, {"hash": "40f37fe8cb81012fec588dd007656635", "key": "published"}, {"hash": "d5e3b7e49013e017b29548a12ae55978", "key": "title"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "17126d0d3d98315fb2eff2f7ed55330a", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "id": "FEDORA_2010-11506.NASL", "lastseen": "2018-07-13T05:56:08", "modified": "2018-07-12T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "48207", "published": "2010-08-02T00:00:00", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-13T05:56:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:13"], "cvelist": ["CVE-2010-2785"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8d73abc9368f4ecab5d6d121cb8d82a0ab3ba6ac84daa04ac164f8b0e07972db", "hashmap": [{"hash": "3e5e2456ee54d29a48327bec8db248eb", "key": "cvelist"}, {"hash": "fba11f8f568a51b0a8bf8e32216f6cb8", "key": "sourceData"}, {"hash": "3dfc20df8217703e7233c770fb10b97a", "key": "pluginID"}, {"hash": "9a3707fbda14f6b2d4590eb4c55f6096", "key": "references"}, {"hash": "63c1892e5df8d995e94d8ad2b0534e99", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e3da22819dd9cc8296d561d46b4d725a", "key": "modified"}, {"hash": "b4046178da007ca1af9cfd362d11f336", "key": "href"}, {"hash": "40f37fe8cb81012fec588dd007656635", "key": "published"}, {"hash": "d5e3b7e49013e017b29548a12ae55978", "key": "title"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "17126d0d3d98315fb2eff2f7ed55330a", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "id": "FEDORA_2010-11506.NASL", "lastseen": "2018-07-12T17:54:35", "modified": "2018-07-11T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "48207", "published": "2010-08-02T00:00:00", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/11 17:09:24\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-07-12T17:54:35"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:13"], "cvelist": ["CVE-2010-2785"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "952b2db9994526fb392e794c89c3fa99c90ef4855009d304b6191523b3e9aeb8", "hashmap": [{"hash": "3e5e2456ee54d29a48327bec8db248eb", "key": "cvelist"}, {"hash": "3dfc20df8217703e7233c770fb10b97a", "key": "pluginID"}, {"hash": "263019388a8fca45f39dfc85e4cb47f2", "key": "sourceData"}, {"hash": "9a3707fbda14f6b2d4590eb4c55f6096", "key": "references"}, {"hash": "63c1892e5df8d995e94d8ad2b0534e99", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b4046178da007ca1af9cfd362d11f336", "key": "href"}, {"hash": "40f37fe8cb81012fec588dd007656635", "key": "published"}, {"hash": "d5e3b7e49013e017b29548a12ae55978", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "17126d0d3d98315fb2eff2f7ed55330a", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "id": "FEDORA_2010-11506.NASL", "lastseen": "2018-08-30T19:43:39", "modified": "2018-07-12T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "48207", "published": "2010-08-02T00:00:00", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:43:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:13"], "cvelist": ["CVE-2010-2785"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "96ca458d25a409fe2409ebb5884d8d288b53f4840c366314e757bde228f2cf97", "hashmap": [{"hash": "3e5e2456ee54d29a48327bec8db248eb", "key": "cvelist"}, {"hash": "3dfc20df8217703e7233c770fb10b97a", "key": "pluginID"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9a3707fbda14f6b2d4590eb4c55f6096", "key": "references"}, {"hash": "63c1892e5df8d995e94d8ad2b0534e99", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b4046178da007ca1af9cfd362d11f336", "key": "href"}, {"hash": "40f37fe8cb81012fec588dd007656635", "key": "published"}, {"hash": "d5e3b7e49013e017b29548a12ae55978", "key": "title"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0a8452958d057778cfeda973165a0a98", "key": "sourceData"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "17126d0d3d98315fb2eff2f7ed55330a", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "id": "FEDORA_2010-11506.NASL", "lastseen": "2017-10-29T13:39:08", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "48207", "published": "2010-08-02T00:00:00", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:05:30 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_osvdb_id(66648);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:39:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-2785"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "a2e678a9d9bb228ec97254230ff221bc0750e3006707cb7d862e32ab55f8b58f", "hashmap": [{"hash": "3e5e2456ee54d29a48327bec8db248eb", "key": "cvelist"}, {"hash": "3dfc20df8217703e7233c770fb10b97a", "key": "pluginID"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9a3707fbda14f6b2d4590eb4c55f6096", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b4046178da007ca1af9cfd362d11f336", "key": "href"}, {"hash": "40f37fe8cb81012fec588dd007656635", "key": "published"}, {"hash": "d5e3b7e49013e017b29548a12ae55978", "key": "title"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0a8452958d057778cfeda973165a0a98", "key": "sourceData"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "17126d0d3d98315fb2eff2f7ed55330a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=48207", "id": "FEDORA_2010-11506.NASL", "lastseen": "2016-09-26T17:24:53", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "48207", "published": "2010-08-02T00:00:00", "references": ["http://www.nessus.org/u?1a7d414f", "https://svn.kvirc.de/kvirc/ticket/858"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:05:30 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_osvdb_id(66648);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "title": "Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:53"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "63c1892e5df8d995e94d8ad2b0534e99"}, {"key": "cvelist", "hash": "3e5e2456ee54d29a48327bec8db248eb"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "17126d0d3d98315fb2eff2f7ed55330a"}, {"key": "href", "hash": "b4046178da007ca1af9cfd362d11f336"}, {"key": "modified", "hash": "f5e850f1985da305c7f9475708cd4d52"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "3dfc20df8217703e7233c770fb10b97a"}, {"key": "published", "hash": "40f37fe8cb81012fec588dd007656635"}, {"key": "references", "hash": "9a3707fbda14f6b2d4590eb4c55f6096"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "263019388a8fca45f39dfc85e4cb47f2"}, {"key": "title", "hash": "d5e3b7e49013e017b29548a12ae55978"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4cb39d13e2ed75b59bebc7706839dffb8ee47e599c3f572fda4aca5d4d78fbd0", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48207);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"FEDORA\", value:\"2010-11506\");\n\n script_name(english:\"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution.\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a7d414f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kvirc-4.0.0-3.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "48207", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:13"]}
{"cve": [{"lastseen": "2016-09-03T14:09:48", "references": ["http://marc.info/?l=oss-security&m=128041011428629&w=2", "http://openwall.com/lists/oss-security/2010/07/28/1", "https://svn.kvirc.de/kvirc/changeset/4693", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html", "http://bugs.gentoo.org/show_bug.cgi?id=330111", "https://svn.kvirc.de/kvirc/ticket/858", "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"], "description": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.", "edition": 1, "reporter": "NVD", "published": "2010-08-02T16:40:01", "type": "cve", "title": "CVE-2010-2785", "enchantments": {"score": {"modified": "2016-09-03T14:09:48", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-2785"], "scanner": [], "cpe": ["cpe:/a:kvirc:kvirc:3.4.0", "cpe:/a:kvirc:kvirc:3.0.0", "cpe:/a:kvirc:kvirc:3.0.0:beta2", "cpe:/a:kvirc:kvirc:3.0.1", "cpe:/a:kvirc:kvirc:3.0.0:beta1", "cpe:/a:kvirc:kvirc:4.0.2", "cpe:/a:kvirc:kvirc:4.0.0", "cpe:/a:kvirc:kvirc:3.4.2", "cpe:/a:kvirc:kvirc:3.4.2:rc1"], "modified": "2010-09-09T01:43:15", "id": "CVE-2010-2785", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2785", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:44:49", "references": ["http://www.nessus.org/u?18ef1fa9", "https://svn.kvirc.de/kvirc/ticket/858"], "pluginID": "48208", "description": "Fix for security issue: remote command execution https://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-08-02T00:00:00", "title": "Fedora 12 : kvirc-4.0.0-3.fc12 (2010-11524)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kvirc", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11524.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48208", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11524.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48208);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"FEDORA\", value:\"2010-11524\");\n\n script_name(english:\"Fedora 12 : kvirc-4.0.0-3.fc12 (2010-11524)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for security issue: remote command execution\nhttps://svn.kvirc.de/kvirc/ticket/858\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18ef1fa9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://svn.kvirc.de/kvirc/ticket/858\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvirc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"kvirc-4.0.0-3.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:30", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=626942", "http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html"], "pluginID": "75565", "description": "This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785)", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kvirc", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:kvirc-devel"], "id": "SUSE_11_3_KVIRC-100802.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvirc-2860.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75565);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n\n script_name(english:\"openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)\");\n script_summary(english:\"Check for the kvirc-2860 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of kvirc does not further allow remote client to send\narbitrary CTCP commands. (CVE-2010-2785)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626942\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kvirc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kvirc-3.4.2-10.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kvirc-devel-3.4.2-10.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:10", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=626942", "http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html"], "pluginID": "48237", "description": "This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785)", "edition": 4, "reporter": "Tenable", "published": "2010-08-03T00:00:00", "title": "openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:kvirc", "p-cpe:/a:novell:opensuse:kvirc-devel"], "id": "SUSE_11_2_KVIRC-100802.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvirc-2860.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48237);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:36 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n\n script_name(english:\"openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)\");\n script_summary(english:\"Check for the kvirc-2860 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of kvirc does not further allow remote client to send\narbitrary CTCP commands. (CVE-2010-2785)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626942\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kvirc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kvirc-3.4.2-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kvirc-devel-3.4.2-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:19", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=626942", "http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html"], "pluginID": "48234", "description": "This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785)", "edition": 4, "reporter": "Tenable", "published": "2010-08-03T00:00:00", "title": "openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:kvirc", "p-cpe:/a:novell:opensuse:kvirc-devel"], "id": "SUSE_11_1_KVIRC-100802.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48234", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kvirc-2860.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48234);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:35 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n\n script_name(english:\"openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1)\");\n script_summary(english:\"Check for the kvirc-2860 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of kvirc does not further allow remote client to send\narbitrary CTCP commands. (CVE-2010-2785)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-08/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626942\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kvirc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvirc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kvirc-3.4.2-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kvirc-devel-3.4.2-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvirc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:00", "references": ["http://www.debian.org/security/2010/dsa-2078"], "pluginID": "48221", "description": "It was discovered that incorrect parsing of CTCP commands in kvirc, a KDE-based IRC client, could lead to the execution of arbitrary IRC commands against other users.", "edition": 4, "reporter": "Tenable", "published": "2010-08-03T00:00:00", "title": "Debian DSA-2078-1 : kvirc - programming error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785"], "modified": "2014-02-23T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:kvirc"], "id": "DEBIAN_DSA-2078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2078. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48221);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/02/23 00:39:22 $\");\n\n script_cve_id(\"CVE-2010-2785\");\n script_bugtraq_id(42026);\n script_xref(name:\"DSA\", value:\"2078\");\n\n script_name(english:\"Debian DSA-2078-1 : kvirc - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that incorrect parsing of CTCP commands in kvirc, a\nKDE-based IRC client, could lead to the execution of arbitrary IRC\ncommands against other users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2010/dsa-2078\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kvirc package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2:3.4.0-6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"kvirc\", reference:\"2:3.4.0-6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kvirc-data\", reference:\"2:3.4.0-6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kvirc-dev\", reference:\"2:3.4.0-6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:09:17", "references": ["https://security.gentoo.org/glsa/201402-20"], "pluginID": "72634", "description": "The remote host is affected by the vulnerability described in GLSA-201402-20 (KVIrc: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2014-02-23T00:00:00", "title": "GLSA-201402-20 : KVIrc: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785", "CVE-2010-2451", "CVE-2010-2452"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:kvirc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201402-20.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72634);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2010-2451\", \"CVE-2010-2452\", \"CVE-2010-2785\");\n script_bugtraq_id(40746, 42026);\n script_xref(name:\"GLSA\", value:\"201402-20\");\n\n script_name(english:\"GLSA-201402-20 : KVIrc: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-20\n(KVIrc: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KVIrc. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of\n Service condition, or overwrite arbitrary files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KVIrc users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-irc/kvirc-4.1_pre4693'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since July 29, 2010. It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kvirc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-irc/kvirc\", unaffected:make_list(\"ge 4.1_pre4693\"), vulnerable:make_list(\"lt 4.1_pre4693\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KVIrc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2078-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 31, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : kvirc\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-2785\r\n\r\nIt was discovered that incorrect parsing of CTCP commands in kvirc, a \r\nKDE-based IRC client, could lead to the execution of arbitrary IRC \r\ncommands against other users.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2:3.4.0-6.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 4:4.0.0-3.\r\n\r\nWe recommend that you upgrade your kvirc package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz\r\n Size/MD5 checksum: 7174211 0f1b85f3b6de354dfd44891923e48ef2\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.diff.gz\r\n Size/MD5 checksum: 103370 35c6b5b288e21f1b2736a7aee463c8f6\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.dsc\r\n Size/MD5 checksum: 1312 0db5bab03ef6dd87d89a541b7db4300c\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-6_all.deb\r\n Size/MD5 checksum: 3485832 d0f825b40255900e945396a6d33467d2\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_alpha.deb\r\n Size/MD5 checksum: 3989286 eb13425c5d3b6d16bf3dbbe6799cdab0\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_alpha.deb\r\n Size/MD5 checksum: 363058 85ad7e56fb7071fab9ca4b49c06ecf36\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_amd64.deb\r\n Size/MD5 checksum: 360666 d64d34741c1363195456b2cdf2ce7229\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_amd64.deb\r\n Size/MD5 checksum: 3712634 0e792af0082b16e32dd1cf5618dba238\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_arm.deb\r\n Size/MD5 checksum: 3762830 bf42ca885cc6a6eb0b2734f2f13abcbe\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_arm.deb\r\n Size/MD5 checksum: 382752 6bfdcd491c6fb27bbbf8e3eb055d9245\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_armel.deb\r\n Size/MD5 checksum: 381176 9b876dec7a7d19261488a4c92fe0e17a\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_armel.deb\r\n Size/MD5 checksum: 3227100 9aaaa2429d77f2266b4f4ebed139dc29\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_hppa.deb\r\n Size/MD5 checksum: 4039054 1ab24d4eff5d6b5745bbaab02dbf3376\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_hppa.deb\r\n Size/MD5 checksum: 386628 b41f84f4b3d213bf69be92498bb7c720\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_i386.deb\r\n Size/MD5 checksum: 362768 065afca44287281e2b862bb4ea7a04b2\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_i386.deb\r\n Size/MD5 checksum: 3582112 697fa1f8d355470b3dd03359bcc529a0\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_ia64.deb\r\n Size/MD5 checksum: 4665172 a9e86a0948ad4d0d2ec109333e219ea4\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_ia64.deb\r\n Size/MD5 checksum: 385070 867eb6fbd8fa350b38ec2a64c0afea32\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mips.deb\r\n Size/MD5 checksum: 3364772 ffa424acbb31e619eabc368e07acdd1f\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mips.deb\r\n Size/MD5 checksum: 385918 03fec2e94f02017936f906c0efa7037f\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mipsel.deb\r\n Size/MD5 checksum: 3316258 12712dab0045b527204d270280561c49\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mipsel.deb\r\n Size/MD5 checksum: 363396 e386d21f7024e1242f8e75f788eeb9ca\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_powerpc.deb\r\n Size/MD5 checksum: 379950 66e321f4dd44c84dd6f7fff1a427c5bd\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_powerpc.deb\r\n Size/MD5 checksum: 3915694 e43cda1285368979b6e4209e2ab2de0b\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_s390.deb\r\n Size/MD5 checksum: 3638826 12a1793bbfd297891589d678f0222655\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_s390.deb\r\n Size/MD5 checksum: 362946 80717eeaad3784f156605ce38b8e2a22\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_sparc.deb\r\n Size/MD5 checksum: 3529894 e5848f3feaa2252eb22d3813547b97fd\r\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_sparc.deb\r\n Size/MD5 checksum: 381298 e56d344f6c4e1d1f93390f6f5b513617\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkxUQw0ACgkQXm3vHE4uylogNQCfQyP87FHn/cN6tOqf/+8qmR3G\r\n5EwAn2c/C2trqvzhTNd/XUt84f8hKChR\r\n=vTzu\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-08-14T00:00:00", "title": "[SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:36", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2785"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:DOC:24490", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24490", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:37", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24490", "https://vulners.com/securityvulns/securityvulns:doc:24139"], "description": "Directory traversal, format string vulnerability.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-08-14T00:00:00", "title": "kvirc IRC client multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "kvirc", "version": "4.0", "operator": "eq"}], "cvelist": ["CVE-2010-2785", "CVE-2010-2451", "CVE-2010-2452"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:VULN:10961", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10961", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T21:04:47", "osvdbidlist": ["66648"], "references": [], "edition": 1, "description": "KVIrc 4.0 '\\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability. CVE-2010-2785. Remote exploit for linux platform", "reporter": "unic0rn", "published": "2010-07-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "KVIrc <= 4.0 - '\\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-2785"], "modified": "2010-07-28T00:00:00", "id": "EDB-ID:34385", "href": "https://www.exploit-db.com/exploits/34385/", "sourceData": "source: http://www.securityfocus.com/bid/42026/info\r\n\r\nKVIrc is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.\r\n\r\nExploiting this issue can allow an attacker to execute arbitrary commands within the context of the affected application.\r\n\r\nKVIrc 4.0.0 is vulnerable; other versions may also be affected. \r\n\r\n/ctcp nickname DCC GET\\rQUIT\\r\r\n/ctcp nickname DCC GET\\rPRIVMSG\\40#channel\\40:epic\\40fail\\r ", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/34385/"}], "debian": [{"lastseen": "2018-10-16T22:12:59", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2:3.4.0-6", "arch": "all", "packageFilename": "kvirc-dev_2:3.4.0-6_all.deb", "packageName": "kvirc-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2:3.4.0-6", "arch": "all", "packageFilename": "kvirc_2:3.4.0-6_all.deb", "packageName": "kvirc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2:3.4.0-6", "arch": "all", "packageFilename": "kvirc-data_2:3.4.0-6_all.deb", "packageName": "kvirc-data", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2078-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 31, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : kvirc\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-2785\n\nIt was discovered that incorrect parsing of CTCP commands in kvirc, a \nKDE-based IRC client, could lead to the execution of arbitrary IRC \ncommands against other users.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2:3.4.0-6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4:4.0.0-3.\n\nWe recommend that you upgrade your kvirc package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz\n Size/MD5 checksum: 7174211 0f1b85f3b6de354dfd44891923e48ef2\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.diff.gz\n Size/MD5 checksum: 103370 35c6b5b288e21f1b2736a7aee463c8f6\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.dsc\n Size/MD5 checksum: 1312 0db5bab03ef6dd87d89a541b7db4300c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-6_all.deb\n Size/MD5 checksum: 3485832 d0f825b40255900e945396a6d33467d2\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_alpha.deb\n Size/MD5 checksum: 3989286 eb13425c5d3b6d16bf3dbbe6799cdab0\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_alpha.deb\n Size/MD5 checksum: 363058 85ad7e56fb7071fab9ca4b49c06ecf36\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_amd64.deb\n Size/MD5 checksum: 360666 d64d34741c1363195456b2cdf2ce7229\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_amd64.deb\n Size/MD5 checksum: 3712634 0e792af0082b16e32dd1cf5618dba238\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_arm.deb\n Size/MD5 checksum: 3762830 bf42ca885cc6a6eb0b2734f2f13abcbe\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_arm.deb\n Size/MD5 checksum: 382752 6bfdcd491c6fb27bbbf8e3eb055d9245\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_armel.deb\n Size/MD5 checksum: 381176 9b876dec7a7d19261488a4c92fe0e17a\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_armel.deb\n Size/MD5 checksum: 3227100 9aaaa2429d77f2266b4f4ebed139dc29\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_hppa.deb\n Size/MD5 checksum: 4039054 1ab24d4eff5d6b5745bbaab02dbf3376\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_hppa.deb\n Size/MD5 checksum: 386628 b41f84f4b3d213bf69be92498bb7c720\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_i386.deb\n Size/MD5 checksum: 362768 065afca44287281e2b862bb4ea7a04b2\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_i386.deb\n Size/MD5 checksum: 3582112 697fa1f8d355470b3dd03359bcc529a0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_ia64.deb\n Size/MD5 checksum: 4665172 a9e86a0948ad4d0d2ec109333e219ea4\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_ia64.deb\n Size/MD5 checksum: 385070 867eb6fbd8fa350b38ec2a64c0afea32\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mips.deb\n Size/MD5 checksum: 3364772 ffa424acbb31e619eabc368e07acdd1f\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mips.deb\n Size/MD5 checksum: 385918 03fec2e94f02017936f906c0efa7037f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mipsel.deb\n Size/MD5 checksum: 3316258 12712dab0045b527204d270280561c49\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mipsel.deb\n Size/MD5 checksum: 363396 e386d21f7024e1242f8e75f788eeb9ca\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_powerpc.deb\n Size/MD5 checksum: 379950 66e321f4dd44c84dd6f7fff1a427c5bd\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_powerpc.deb\n Size/MD5 checksum: 3915694 e43cda1285368979b6e4209e2ab2de0b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_s390.deb\n Size/MD5 checksum: 3638826 12a1793bbfd297891589d678f0222655\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_s390.deb\n Size/MD5 checksum: 362946 80717eeaad3784f156605ce38b8e2a22\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_sparc.deb\n Size/MD5 checksum: 3529894 e5848f3feaa2252eb22d3813547b97fd\n http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_sparc.deb\n Size/MD5 checksum: 381298 e56d344f6c4e1d1f93390f6f5b513617\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2010-07-31T15:38:12", "title": "[SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:59", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2785"], "modified": "2010-07-31T15:38:12", "id": "DEBIAN:DSA-2078-1:CDD83", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00123.html", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-28T18:24:10", "references": ["https://security.gentoo.org/glsa/201402-20"], "pluginID": "1361412562310121151", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201402-20", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Security Advisory GLSA 201402-20", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2785", "CVE-2010-2451", "CVE-2010-2452"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310121151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201402-20.nasl 11671 2018-09-28 10:44:05Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121151\");\n script_version(\"$Revision: 11671 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:55 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 12:44:05 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201402-20\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201402-20\");\n script_cve_id(\"CVE-2010-2451\", \"CVE-2010-2452\", \"CVE-2010-2785\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201402-20\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-irc/kvirc\", unaffected: make_list(\"ge 4.1_pre4693\"), vulnerable: make_list(\"lt 4.1_pre4693\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:30", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2785", "https://bugs.gentoo.org/show_bug.cgi?id=326149", "https://bugs.gentoo.org/show_bug.cgi?id=330111", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2452"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.1_pre4693", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-irc/kvirc", "operator": "lt"}], "edition": 1, "description": "### Background\n\nKVIrc is a free portable IRC client based on Qt.\n\n### Description\n\nMultiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll KVIrc users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-irc/kvirc-4.1_pre4693\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 29, 2010. It is likely that your system is already no longer affected by this issue.", "reporter": "Gentoo Foundation", "published": "2014-02-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "KVIrc: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2785", "CVE-2010-2451", "CVE-2010-2452"], "modified": "2014-02-21T00:00:00", "id": "GLSA-201402-20", "href": "https://security.gentoo.org/glsa/201402-20", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
