Lucene search
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-270.NASLHistoryJul 06, 2004 - 12:00 a.m.
RHEL 2.1 : kdebase (RHSA-2003:270)
2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available.
KDE is a graphical desktop environment for the X Window System.
KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager (KDM) when checking the result of a pam_setcred() call. If an error condition is triggered by the installed PAM modules, KDM might grant local root access to any user with valid login credentials.
It has been reported that one way to trigger this bug is by having a certain configuration of the MIT pam_krb5 module that leaves a session alive and gives root access to a regular user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0690 to this issue.
In addition, the session cookie generation algorithm used by KDM was considered too weak to supply a full 128 bits of entropy. This could make it possible for non-authorized users, who are able to bypass any host restrictions, to brute-force the session cookie and gain acess to the current session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0692 to this issue.
Users of KDE are advised to upgrade to these erratum packages, which contain security patches correcting these issues.
Red Hat would like to thank the KDE team for notifying us of this issue and providing the security patches.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:270. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(12419);
script_version("1.29");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2003-0690", "CVE-2003-0692");
script_bugtraq_id(8635);
script_xref(name:"RHSA", value:"2003:270");
script_name(english:"RHEL 2.1 : kdebase (RHSA-2003:270)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated KDE packages that resolve a local security issue with KDM PAM
support and weak session cookie generation are now available.
KDE is a graphical desktop environment for the X Window System.
KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the
KDE Display Manager (KDM) when checking the result of a pam_setcred()
call. If an error condition is triggered by the installed PAM modules,
KDM might grant local root access to any user with valid login
credentials.
It has been reported that one way to trigger this bug is by having a
certain configuration of the MIT pam_krb5 module that leaves a session
alive and gives root access to a regular user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0690 to this issue.
In addition, the session cookie generation algorithm used by KDM was
considered too weak to supply a full 128 bits of entropy. This could
make it possible for non-authorized users, who are able to bypass any
host restrictions, to brute-force the session cookie and gain acess to
the current session. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0692 to this issue.
Users of KDE are advised to upgrade to these erratum packages, which
contain security patches correcting these issues.
Red Hat would like to thank the KDE team for notifying us of this
issue and providing the security patches."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2003-0690"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2003-0692"
);
# http://www.kde.org/info/security/advisory-20030916-1.txt
script_set_attribute(
attribute:"see_also",
value:"https://www.kde.org/info/security/advisory-20030916-1.txt"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2003:270"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kdebase and / or kdebase-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/06");
script_set_attribute(attribute:"patch_publication_date", value:"2003/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2003:270";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-2.2.2-11")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-devel-2.2.2-11")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase / kdebase-devel");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | kdebase | p-cpe:/a:redhat:enterprise_linux:kdebase |
| redhat | enterprise_linux | kdebase-devel | p-cpe:/a:redhat:enterprise_linux:kdebase-devel |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200311-01 (kdebase)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200311-01 (kdebase)
2008-09-24 00:00:00
Debian Security Advisory DSA 388-1 (kdebase)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 443-1] New xfree86 packages fix multiple vulnerabilities
2004-02-20 06:58:37
nessus
nessus
Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)
2004-07-31 00:00:00
Debian DSA-388-1 : kdebase - several vulnerabilities
2004-09-29 00:00:00
Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)
2004-07-31 00:00:00
redhat
redhat
(RHSA-2003:270) kdebase security update
2003-09-16 00:00:00
(RHSA-2003:289) XFree86 security update
2003-11-12 00:00:00
gentoo
gentoo
kdebase: KDM vulnerabilities
2003-11-15 00:00:00
osv
osv
kdebase - several vulnerabilities
2003-09-19 00:00:00
xfree86 - several vulnerabilities
2004-02-19 00:00:00
securityvulns
securityvulns
[KDE SECURITY ADVISORY] KDM vulnerabilities
2003-09-17 00:00:00
SUSE Security Announcement: hylafax (SuSE-SA:2003:045)
2003-11-13 00:00:00
suse
suse
cache poisoning/denial-of-service in bind8
2003-11-28 14:58:12
remote code execution in hylafax
2003-11-10 14:45:25
local privilege escalation in rsync
2003-12-04 17:18:15
cert
cert
ISC BIND 8 vulnerable to cache poisoning via negative responses
2003-12-01 00:00:00
Integer overflow vulnerability in rsync
2003-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2003-0692
2003-10-06 00:00:00
CVE-2003-0690
2003-10-06 00:00:00
cve
cve
CVE-2003-0692
2003-10-06 04:00:00
CVE-2003-0690
2003-10-06 04:00:00
Related for REDHAT-RHSA-2003-270.NASL