ID OPENSUSE-2013-998.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.
This fixes CVE-2013-6404 (bnc#852847).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-998.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
if (description)
{
script_id(75243);
script_version("1.2");
script_cvs_date("Date: 2018/11/10 11:50:01");
script_cve_id("CVE-2013-6404");
script_name(english:"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)");
script_summary(english:"Check for the openSUSE-2013-998 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which
an authenticated malicious user using a custom client,
could access the backlog of all users of a quassel core.
This fixes CVE-2013-6404 (bnc#852847)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=852847"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected quassel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-client-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-core-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-base-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-client-debuginfo-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-core-debuginfo-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-debugsource-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-0.9.1-8.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"quassel-mono-debuginfo-0.9.1-8.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quassel-base / quassel-client / quassel-client-debuginfo / etc");
}
{"id": "OPENSUSE-2013-998.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "reporter": "Tenable", "references": ["https://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html", "https://bugzilla.novell.com/show_bug.cgi?id=852847"], "cvelist": ["CVE-2013-6404"], "type": "nessus", "lastseen": "2018-11-13T17:04:32", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-6404"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "edition": 1, "enchantments": {}, "hash": "e20adf5716b41431e297b3361875e6580378d65870db1028682cb8876bde5cc5", "hashmap": [{"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "id": "OPENSUSE-2013-998.NASL", "lastseen": "2016-09-26T17:25:51", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "75243", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-6404"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e76d450e8c6c6e0aaf3ab48b7021b46cba168dabd3736f0eb22f5aac05b5ef9c", "hashmap": [{"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "187b44300648ab55c73bb77be31127cf", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "id": "OPENSUSE-2013-998.NASL", "lastseen": "2017-10-29T13:42:39", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75243", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:42:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-6404"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e76d450e8c6c6e0aaf3ab48b7021b46cba168dabd3736f0eb22f5aac05b5ef9c", "hashmap": [{"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "187b44300648ab55c73bb77be31127cf", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "id": "OPENSUSE-2013-998.NASL", "lastseen": "2018-09-02T00:00:39", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75243", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:00:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-6404"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Add fix-CVE-2013-6404.diff: Fix a vulnerability by which an authenticated malicious user using a custom client, could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "68c3bee38f738db7e52aa208492dfbb5549388e469604e45e14295db54703496", "hashmap": [{"hash": "686c2ba5ef8d92cf61c1f51f35a38b1d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff267dc9eafc4caf5446c51f172887d9", "key": "cvelist"}, {"hash": "f447fa3ee8db2a4442ac96dfb52ddedf", "key": "title"}, {"hash": "9783b2befd72d161922deb0e8dad8a7e", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "7b817d93d89975b192c788bc7409b3ab", "key": "description"}, {"hash": "4e2a3c5332c92654090b105e3723479f", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "1093e969d41c7ca6ad466c1762caab7d", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "187b44300648ab55c73bb77be31127cf", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75243", "id": "OPENSUSE-2013-998.NASL", "lastseen": "2018-08-30T19:52:09", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75243", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=852847", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "title": "openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:52:09"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "187b44300648ab55c73bb77be31127cf"}, {"key": "cvelist", "hash": "ff267dc9eafc4caf5446c51f172887d9"}, {"key": "cvss", "hash": "d51ef32ed9f96cdaef2754a447c9af65"}, {"key": "description", "hash": "7b817d93d89975b192c788bc7409b3ab"}, {"key": "href", "hash": "686c2ba5ef8d92cf61c1f51f35a38b1d"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "4e2a3c5332c92654090b105e3723479f"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "11c619fc85826f19b3bbe34dc42eb94c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "76c6c2f6ef200bc395176887d6dccf2c"}, {"key": "title", "hash": "f447fa3ee8db2a4442ac96dfb52ddedf"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ccc915eff39a60b425afcdf1984196da7c7b9c0002d89ba92c1c4ef7b2106bc4", "viewCount": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-998.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75243);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2013:1929-1)\");\n script_summary(english:\"Check for the openSUSE-2013-998 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add fix-CVE-2013-6404.diff: Fix a vulnerability by which\n an authenticated malicious user using a custom client,\n could access the backlog of all users of a quassel core.\n This fixes CVE-2013-6404 (bnc#852847).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.1-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.1-8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75243", "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"]}
{"cve": [{"lastseen": "2017-08-29T10:47:59", "references": ["http://www.openwall.com/lists/oss-security/2013/11/28/8", "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377", "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html", "http://quassel-irc.org/node/123", "https://github.com/quassel/quassel/commit/a1a24da", "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"], "edition": 2, "description": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.", "reporter": "NVD", "published": "2013-12-09T11:36:47", "title": "CVE-2013-6404", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-6404"], "scanner": [], "cpe": ["cpe:/a:quassel-irc:quassel_irc:0.9.1", "cpe:/a:quassel-irc:quassel_irc:0.9.0"], "modified": "2017-08-28T21:33:58", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6404", "id": "CVE-2013-6404", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-13T17:11:16", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=849850", "https://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"], "pluginID": "75401", "description": "- Add back /etc/sysconfig/quasselcore (bnc#849850)\n\n - Drop fix-CVE-2013-6404.diff: Merged upstream\n\n - Update to 0.9.2\n\n - Don't crash if /topic contains newlines.\n\n - Fix SSL-related issues.\n\n - Fix Phonon notifications not playing sound.\n\n - Pingout if connection drops during SASL auth phase.\n\n - Prevent messages from being sent to status buffers.\n\n - Make sure manipulated/buggy clients cannot access backlog of other core users.\n\n - Fix context menu issues.", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : quassel (openSUSE-SU-2014:0114-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6404"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:quassel-core-debuginfo", "p-cpe:/a:novell:opensuse:quassel-mono", "p-cpe:/a:novell:opensuse:quassel-core", "p-cpe:/a:novell:opensuse:quassel-mono-debuginfo", "p-cpe:/a:novell:opensuse:quassel-base", "p-cpe:/a:novell:opensuse:quassel-client-debuginfo", "p-cpe:/a:novell:opensuse:quassel-client", "p-cpe:/a:novell:opensuse:quassel-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-71.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-71.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75401);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2013-6404\");\n\n script_name(english:\"openSUSE Security Update : quassel (openSUSE-SU-2014:0114-1)\");\n script_summary(english:\"Check for the openSUSE-2014-71 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add back /etc/sysconfig/quasselcore (bnc#849850)\n\n - Drop fix-CVE-2013-6404.diff: Merged upstream\n\n - Update to 0.9.2\n\n - Don't crash if /topic contains newlines.\n\n - Fix SSL-related issues.\n\n - Fix Phonon notifications not playing sound.\n\n - Pingout if connection drops during SASL auth phase.\n\n - Prevent messages from being sent to status buffers.\n\n - Make sure manipulated/buggy clients cannot access\n backlog of other core users.\n\n - Fix context menu issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quassel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quassel-mono-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-base-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-client-debuginfo-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-core-debuginfo-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-debugsource-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-0.9.2-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"quassel-mono-debuginfo-0.9.2-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quassel-base / quassel-client / quassel-client-debuginfo / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}]}
