Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-154.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : lightdm (openSUSE-SU-2012:0354-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
17.1%
-
update to version 1.0.9
-
stop file descriptors leaking into the session processes (bnc#745339, lp#927060, CVE-2012-1111)
-
fix compilation against gthread
-
change session directory once user permissions are set so it works on NFS filesystems that don’t allow root to access files
-
fix object cleanup on exit
-
fix lightdm --debug not working on newer GLib
-
drop privileges when reading ~/.dmrc (CVE-2011-3153)
-
fix crash calling lightdm_get_layout
-
drop lightdm-CVE-2011-3153.patch which has been included upstream
-
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-154.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74566);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2011-3153", "CVE-2012-1111");
script_name(english:"openSUSE Security Update : lightdm (openSUSE-SU-2012:0354-1)");
script_summary(english:"Check for the openSUSE-2012-154 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - update to version 1.0.9
- stop file descriptors leaking into the session processes
(bnc#745339, lp#927060, CVE-2012-1111)
- fix compilation against gthread
- change session directory once user permissions are set
so it works on NFS filesystems that don't allow root to
access files
- fix object cleanup on exit
- fix lightdm --debug not working on newer GLib
- drop privileges when reading ~/.dmrc (CVE-2011-3153)
- fix crash calling lightdm_get_layout
- drop lightdm-CVE-2011-3153.patch which has been included
upstream"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=745339"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2012-03/msg00019.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected lightdm packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblightdm-gobject-1-0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblightdm-gobject-1-0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblightdm-qt-1-0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblightdm-qt-1-0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gobject-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-branding-openSUSE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-qt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-qt-greeter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lightdm-qt-greeter-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"liblightdm-gobject-1-0-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"liblightdm-gobject-1-0-debuginfo-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"liblightdm-qt-1-0-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"liblightdm-qt-1-0-debuginfo-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-debuginfo-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-debugsource-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-gobject-devel-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-gtk-greeter-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-gtk-greeter-branding-openSUSE-12.1-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-gtk-greeter-branding-upstream-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-gtk-greeter-debuginfo-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-lang-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-qt-devel-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-qt-greeter-1.0.9-8.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"lightdm-qt-greeter-debuginfo-1.0.9-8.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lightdm-gtk-greeter-branding-openSUSE / liblightdm-gobject-1-0 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | liblightdm-gobject-1-0 | p-cpe:/a:novell:opensuse:liblightdm-gobject-1-0 |
| novell | opensuse | liblightdm-gobject-1-0-debuginfo | p-cpe:/a:novell:opensuse:liblightdm-gobject-1-0-debuginfo |
| novell | opensuse | liblightdm-qt-1-0 | p-cpe:/a:novell:opensuse:liblightdm-qt-1-0 |
| novell | opensuse | liblightdm-qt-1-0-debuginfo | p-cpe:/a:novell:opensuse:liblightdm-qt-1-0-debuginfo |
| novell | opensuse | lightdm | p-cpe:/a:novell:opensuse:lightdm |
| novell | opensuse | lightdm-debuginfo | p-cpe:/a:novell:opensuse:lightdm-debuginfo |
| novell | opensuse | lightdm-debugsource | p-cpe:/a:novell:opensuse:lightdm-debugsource |
| novell | opensuse | lightdm-gobject-devel | p-cpe:/a:novell:opensuse:lightdm-gobject-devel |
| novell | opensuse | lightdm-gtk-greeter | p-cpe:/a:novell:opensuse:lightdm-gtk-greeter |
| novell | opensuse | lightdm-gtk-greeter-branding-opensuse | p-cpe:/a:novell:opensuse:lightdm-gtk-greeter-branding-opensuse |
Related
cvelist
cvelist
CVE-2012-1111
2014-10-27 20:00:00
CVE-2011-3153
2014-03-06 15:00:00
cve
cve
CVE-2012-1111
2014-10-27 20:55:22
CVE-2011-3153
2014-03-06 15:55:28
nvd
nvd
CVE-2012-1111
2014-10-27 20:55:22
CVE-2011-3153
2014-03-06 15:55:28
prion
prion
Design/Logic Flaw
2014-10-27 20:55:00
Code injection
2014-03-06 15:55:00
debiancve
debiancve
CVE-2012-1111
2014-10-27 20:55:22
CVE-2011-3153
2014-03-06 15:55:28
ubuntucve
ubuntucve
CVE-2012-1111
2014-10-27 00:00:00
CVE-2011-3153
2011-11-15 00:00:00
nessus
nessus
openSUSE Security Update : lightdm (openSUSE-2011-12)
2014-06-13 00:00:00
Ubuntu 11.10 : lightdm vulnerabilities (USN-1262-1)
2011-11-16 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1262-1)
2012-03-16 00:00:00
Ubuntu Update for lightdm USN-1262-1
2012-03-16 00:00:00
ubuntu
ubuntu
Light Display Manager vulnerabilities
2011-11-15 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
17.1%
Related for OPENSUSE-2012-154.NASL