Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2009-278.NASL
HistoryOct 15, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : compiz-fusion-plugins-main (MDVSA-2009:278)

2009-10-1500:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.1%

JSON

A vulnerability has been found and corrected in compiz-fusion-plugins-main :

The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920 (CVE-2008-6514).

This update fixes this vulnerability.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:278. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(42133);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-6514");
  script_bugtraq_id(32712);
  script_xref(name:"MDVSA", value:"2009:278");

  script_name(english:"Mandriva Linux Security Advisory : compiz-fusion-plugins-main (MDVSA-2009:278)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability has been found and corrected in
compiz-fusion-plugins-main :

The Expo plugin in Compiz Fusion 0.7.8 allows local users with
physical access to drag the screen saver aside and access the locked
desktop by using Expo mouse shortcuts, a related issue to
CVE-2007-3920 (CVE-2008-6514).

This update fixes this vulnerability."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected compiz-fusion-plugins-main and / or
compiz-fusion-plugins-main-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"compiz-fusion-plugins-main-0.7.8-0.20080912.1.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"compiz-fusion-plugins-main-devel-0.7.8-0.20080912.1.1mdv2009.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxcompiz-fusion-plugins-mainp-cpe:/a:mandriva:linux:compiz-fusion-plugins-main
mandrivalinuxcompiz-fusion-plugins-main-develp-cpe:/a:mandriva:linux:compiz-fusion-plugins-main-devel
mandrivalinux2009.0cpe:/o:mandriva:linux:2009.0

Related

prion 2
openvas 16
cve 2
ubuntucve 2
nvd 2
cvelist 2
nessus 15
ubuntu 3
redhat 1
fedora 4
debiancve 1
suse 1
prion
prion
Sql injection
2009-03-24 14:30:00
Sql injection
2007-10-29 21:46:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)
2009-10-19 00:00:00
Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)
2009-10-19 00:00:00
Ubuntu: Security Advisory (USN-537-1)
2009-03-23 00:00:00
cve
cve
CVE-2008-6514
2009-03-24 14:30:00
CVE-2007-3920
2007-10-29 21:46:00
ubuntucve
ubuntucve
CVE-2008-6514
2008-11-18 00:00:00
CVE-2007-3920
2007-10-29 00:00:00
nvd
nvd
CVE-2008-6514
2009-03-24 14:30:00
CVE-2007-3920
2007-10-29 21:46:00
cvelist
cvelist
CVE-2008-6514
2009-03-24 14:00:00
CVE-2007-3920
2007-10-29 21:00:00
nessus
nessus
RHEL 5 : compiz (RHSA-2008:0485)
2008-05-22 00:00:00
Ubuntu 7.10 : compiz vulnerability (USN-537-2)
2007-11-10 00:00:00
Ubuntu 7.10 : gnome-screensaver vulnerability (USN-537-1)
2007-11-10 00:00:00
ubuntu
ubuntu
gnome-screensaver vulnerability
2007-10-23 00:00:00
Compiz vulnerability
2007-11-02 00:00:00
Compiz vulnerability
2008-12-09 00:00:00
redhat
redhat
(RHSA-2008:0485) Low: compiz security update
2008-05-20 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: compiz-fusion-0.7.8-4.fc10
2009-03-25 16:04:02
[SECURITY] Fedora 9 Update: compiz-fusion-0.7.6-6.fc9
2009-03-25 16:06:33
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-16.fc7
2008-01-24 21:58:23
debiancve
debiancve
CVE-2007-3920
2007-10-29 21:46:00
suse
suse
local code execution in xorg-x11,XFree86
2008-06-13 15:29:54

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.1%

JSON
Related for MANDRIVA_MDVSA-2009-278.NASL
prion2openvas16cve2ubuntucve2nvd2cvelist2nessus15ubuntu3redhat1fedora4debiancve1suse1