Lucene search
K

Fedora 30 : 6:kdelibs / kde-settings (2019-a746ac9c89)

🗓️ 14 Aug 2019 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 38 Views

This update fixes CVE-2019-14744 in kdelibs 4, removes obsolete settings in kde-setting

Related
Refs
Code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-a746ac9c89.
#

include('compat.inc');

if (description)
{
  script_id(127873);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");

  script_cve_id("CVE-2019-14744");
  script_xref(name:"FEDORA", value:"2019-a746ac9c89");

  script_name(english:"Fedora 30 : 6:kdelibs / kde-settings (2019-a746ac9c89)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update fixes **CVE-2019-14744 (kconfig arbitrary shell code
execution)** in the compatibility library `kdelibs` 4 used by legacy
applications (not yet ported to KDE Frameworks 5). The included
`kde-settings` update removes obsolete settings that conflict with the
security fix and are no longer needed (see below for details).

The full list of fixes in the `kdelibs` 4 build :

  - fixes **CVE-2019-14744 (#1740138, #1740140)** –
    `kconfig`: malicious `.desktop` files (and others) would
    execute code. KConfig had a well-meaning feature that
    allowed configuration files to execute arbitrary shell
    commands. Unfortunately, this could be abused by
    untrusted `.desktop` files to execute arbitrary code as
    the target user, without the user even running the
    `.desktop` file. Therefore, this update removes that
    ill-fated feature. (Patch from upstream: `kf5-kconfig`
    fix by David Faure, `kdelibs` 4 backport by Kai Uwe
    Broulik.)

  - fixes **#917848** – removes support for the
    `gamin` file watching service which is unmaintained and
    buggy and can lead to application lockups. KDirWatch now
    relies exclusively on `inotify` (directly). (Packaging
    fix by Rex Dieter.)

  - fixes **#1730770** – removes an unused dependency
    on the obsolete `xf86misc` library. (Packaging fix by
    Kevin Kofler.)

The fixes in the `kde-settings` build remove settings that were
calling `xdg-user-dir`, because the above CVE-2019-14744 fix drops
support for running shell commands from configuration files from
KConfig and because the settings are all no longer needed (because
they either only reproduce default behavior or were commented out) :

  -
    `/usr/share/kde-settings/kde-profile/default/share/confi
    g/kdeglobals`,
    `/usr/share/kde-settings/kde-profile/minimal/share/confi
    g/kdeglobals`: Remove the `[Paths]` section. The
    `Desktop` and `Documents` directories that were set
    there are already detected by default by `kdelibs` 4 (it
    has native support for xdg-user-dirs and does not need
    the external `xdg-user-dir` command invocation), and now
    also by `kdelibs3 >= 3.5.10-101` (which has native
    xdg-user-dirs support backported). The `Trash` setting
    was already commented out.

  -
    `/usr/share/kde-settings/kde-profile/default/xdg/baloofi
    lerc`: Delete the commented-out `folders` setting that
    attempts to call `xdg-user-dir`.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a746ac9c89");
  script_set_attribute(attribute:"solution", value:
"Update the affected 6:kdelibs and / or kde-settings packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14744");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:6:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kde-settings");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"kdelibs-4.14.38-15.fc30", epoch:"6")) flag++;
if (rpm_check(release:"FC30", reference:"kde-settings-30.3-1.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "6:kdelibs / kde-settings");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

03 May 2024 00:00Current
8High risk
Vulners AI Score8
CVSS 25.1
CVSS 3.17.8
EPSS0.04069
38