Search...

openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)

2014-06-13T00:00:00

ID OPENSUSE-2013-998.NASL
Type nessus
Reporter Tenable
Modified 2014-06-13T00:00:00

Description

Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core. This fixes CVE-2013-6404 (bnc#852847).

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-998.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75243);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/06/13 21:24:48 $");

  script_cve_id("CVE-2013-6404");

  script_name(english:"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)");
  script_summary(english:"Check for the openSUSE-2013-998 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which
    an authenticated malicious user using a custom client,
    could access the backlog of all users of a quassel core.
    This fixes CVE-2013-6404 (bnc#852847)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=852847"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected quassel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"quassel-base-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-debuginfo-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-debuginfo-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-debugsource-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-debuginfo-0.9.1-8.2") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quassel-base / quassel-client / quassel-client-debuginfo / etc");
}

JSON Vulners Source

Initial Source

{"published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-998.NASL", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:51", "bulletin": {"enchantments": {}, "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-998.NASL", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "history": [], "cpe": [], "hash": "e20adf5716b41431e297b3361875e6580378d65870db1028682cb8876bde5cc5", "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "type": "nessus", "pluginID": "75243", "lastseen": "2016-09-26T17:25:51", "edition": 1, "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "modified": "2014-06-13T00:00:00", "bulletinFamily": "scanner", "viewCount": 1, "cvelist": ["CVE-2013-6404"], "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "hashmap": [{"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "hash": "e76d450e8c6c6e0aaf3ab48b7021b46cba168dabd3736f0eb22f5aac05b5ef9c", "enchantments": {"vulnersScore": 2.1}, "type": "nessus", "pluginID": "75243", "lastseen": "2017-10-29T13:42:39", "edition": 2, "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"], "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "modified": "2014-06-13T00:00:00", "bulletinFamily": "scanner", "viewCount": 1, "cvelist": ["CVE-2013-6404"], "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "187b44300648ab55c73bb77be31127cf", "key": "cpe"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"id": "CVE-2013-6404", "type": "cve", "title": "CVE-2013-6404", "description": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.", "published": "2013-12-09T11:36:47", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6404", "cvelist": ["CVE-2013-6404"], "lastseen": "2017-08-29T10:47:59"}], "nessus": [{"id": "OPENSUSE-2014-71.NASL", "type": "nessus", "title": "openSUSE Security Update : quassel (openSUSE-SU-2014:0114-1)", "description": "- Add back /etc/sysconfig/quasselcore (bnc#849850)\n\n - Drop fix-CVE-2013-6404.diff: Merged upstream\n\n - Update to 0.9.2\n\n - Don't crash if /topic contains newlines.\n\n - Fix SSL-related issues.\n\n - Fix Phonon notifications not playing sound.\n\n - Pingout if connection drops during SASL auth phase.\n\n - Prevent messages from being sent to status buffers.\n\n - Make sure manipulated/buggy clients cannot access backlog of other core users.\n\n - Fix context menu issues.", "published": "2014-06-13T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75401", "cvelist": ["CVE-2013-6404"], "lastseen": "2017-10-29T13:45:33"}]}}