Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-489.NASLHistoryAug 12, 2014 - 12:00 a.m.
openSUSE Security Update : kdirstat (openSUSE-SU-2014:0984-1)
2014-08-1200:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.3%
The following security fixes are fixed in this update :
- command injection (CVE-2014-2528) with patch from upstream (bnc#868682)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-489.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77133);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-2528");
script_name(english:"openSUSE Security Update : kdirstat (openSUSE-SU-2014:0984-1)");
script_summary(english:"Check for the openSUSE-2014-489 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The following security fixes are fixed in this update :
- command injection (CVE-2014-2528) with patch from
upstream (bnc#868682)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=868682"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00015.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kdirstat packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdirstat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdirstat-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdirstat-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"kdirstat-2.4.4-273.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdirstat-debuginfo-2.4.4-273.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdirstat-debugsource-2.4.4-273.4.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdirstat / kdirstat-debuginfo / kdirstat-debugsource");
}
Related
cve
cve
CVE-2014-2528
2014-08-26 14:55:05
CVE-2014-2527
2014-08-26 14:55:05
openvas
openvas
Fedora Update for k4dirstat FEDORA-2014-4121
2014-04-03 00:00:00
Fedora Update for k4dirstat FEDORA-2014-4135
2014-04-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0930-1)
2021-06-09 00:00:00
debiancve
debiancve
CVE-2014-2528
2014-08-26 14:55:05
CVE-2014-2527
2014-08-26 14:55:05
nessus
nessus
SuSE 11.3 Security Update : kdirstat (SAT Patch Number 9515)
2014-07-24 00:00:00
Fedora 19 : k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc19 (2014-4121)
2014-03-31 00:00:00
Fedora 20 : k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 (2014-4135)
2014-03-31 00:00:00
nvd
nvd
CVE-2014-2528
2014-08-26 14:55:05
CVE-2014-2527
2014-08-26 14:55:05
fedora
fedora
[SECURITY] Fedora 20 Update: k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20
2014-03-30 06:05:30
[SECURITY] Fedora 19 Update: k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc19
2014-03-30 06:11:36
prion
prion
Directory traversal
2014-08-26 14:55:00
Directory traversal
2014-08-26 14:55:00
cvelist
cvelist
CVE-2014-2527
2014-08-26 14:00:00
CVE-2014-2528
2014-08-26 14:00:00
ubuntucve
ubuntucve
CVE-2014-2527
2014-08-26 00:00:00
CVE-2014-2528
2014-08-26 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.3%
Related for OPENSUSE-2014-489.NASL