Slackware Linux 15.0 / current ark Vulnerability (SSA:2025-051-01)

🗓️ 20 Feb 2025 00:00:00Reported by TenableType

Slackware Linux 15.0 ark is vulnerable; update needed for security issue SSA:2025-051-01.

Reporter	Title	Published	Views	Family All 38
AlpineLinux	CVE-2024-57966	3 Feb 202505:15	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in ARK	3 May 202623:59	–	astralinux
BDU FSTEC	The vulnerability in the `libarchiveplugin.cpp` script of the graphical tool for compressing and decompressing Ark files in the KDE desktop environment allows a attacker to gain unauthorized access to protected information or execute arbitrary code.	14 Apr 202500:00	–	bdu_fstec
Circl	CVE-2024-57966	3 Feb 202505:15	–	circl
CNNVD	KDE Ark 安全漏洞	3 Feb 202500:00	–	cnnvd
CVE	CVE-2024-57966	3 Feb 202500:00	–	cve
Cvelist	CVE-2024-57966	3 Feb 202500:00	–	cvelist
Debian	[SECURITY] [DLA 4046-1] ark security update	8 Feb 202517:59	–	debian
Debian	[SECURITY] [DSA 6029-1] ark security update	20 Oct 202516:02	–	debian
Debian CVE	CVE-2024-57966	3 Feb 202500:00	–	debiancve

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory SSA:2025-051-01. The text
# itself is copyright (C) Slackware Linux, Inc.
##

include('compat.inc');

if (description)
{
  script_id(216535);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/20");

  script_cve_id("CVE-2024-57966");

  script_name(english:"Slackware Linux 15.0 / current ark  Vulnerability (SSA:2025-051-01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Slackware Linux host is missing a security update to ark.");
  script_set_attribute(attribute:"description", value:
"The version of ark installed on the remote host is prior to 21.12.1 / 23.08.5. It is, therefore, affected by a
vulnerability as referenced in the SSA:2025-051-01 advisory.

    New ark packages are available for Slackware 15.0 and -current to fix a security issue.

Tenable has extracted the preceding description block directly from the ark security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.359298
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f4e2671");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected ark package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-57966");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/02/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:ark");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:15.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Slackware Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

var flag = 0;
var constraints = [
    { 'fixed_version' : '21.12.1', 'product' : 'ark', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '2_slack15.0', 'arch' : 'i586' },
    { 'fixed_version' : '21.12.1', 'product' : 'ark', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '2_slack15.0', 'arch' : 'x86_64' },
    { 'fixed_version' : '23.08.5', 'product' : 'ark', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '2', 'arch' : 'i686' },
    { 'fixed_version' : '23.08.5', 'product' : 'ark', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '2', 'arch' : 'x86_64' }
];

foreach var constraint (constraints) {
    var pkg_arch = constraint['arch'];
    var arch = NULL;
    if (pkg_arch == "x86_64") {
        arch = pkg_arch;
    }
    if (slackware_check(osver:constraint['os_version'],
                        arch:arch,
                        pkgname:constraint['product'],
                        pkgver:constraint['fixed_version'],
                        pkgarch:pkg_arch,
                        pkgnum:constraint['service_pack'])) flag++;
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : slackware_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

20 Feb 2025 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15

EPSS0.0026

SSVC