{"id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "published": "2012-08-01T00:00:00", "modified": "2018-12-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "reporter": "Tenable", "references": ["http://www.nessus.org/u?f3cff683"], "cvelist": ["CVE-2011-3365"], "type": "nessus", "lastseen": "2019-02-21T01:17:19", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d59bb321670430bdffc96f823eef88025d9a7f2681eb699a40ad2b294957a9e1", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2017-10-29T13:36:31", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:36:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "92434ad2a721963bce45ab2e8e2c4ffc7e27ed0f4b34d9454aeab7b8109b43c5", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3ceacb8da452aa42d81d82bfac696bb2", "key": "modified"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "80105ab2ac8488d66b1d0c9ac5304ce5", "key": "sourceData"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "383ef9ae76f00e06ffd70c9dc5949264", "key": "references"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2019-01-01T04:13:04", "modified": "2018-12-31T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?f3cff683"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3cff683\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-01T04:13:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:14:27", "references": [{"idList": ["CVE-2011-3365"], "type": "cve"}, {"idList": ["CENTOS_RHSA-2011-1385.NASL", "ORACLELINUX_ELSA-2011-1364.NASL", "REDHAT-RHSA-2011-1364.NASL", "FEDORA_2011-13417.NASL", "SUSE_11_4_KDELIBS4-111010.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:864076", "OPENVAS:863841", "OPENVAS:863920", "OPENVAS:870694", "OPENVAS:864066", "OPENVAS:863801", "OPENVAS:863923", "OPENVAS:863957", "OPENVAS:864045", "OPENVAS:864048"], "type": "openvas"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "853dbc1f0205c98d7e74f68346ecb32549776e1bc80ec2542d1490fb5bdb8c92", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3ceacb8da452aa42d81d82bfac696bb2", "key": "modified"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "80105ab2ac8488d66b1d0c9ac5304ce5", "key": "sourceData"}, {"hash": "42d0c3ac5bc6933febf525f25eea3248", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "383ef9ae76f00e06ffd70c9dc5949264", "key": "references"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2019-01-16T20:14:27", "modified": "2018-12-31T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?f3cff683"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3cff683\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:14:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "563c4d1908ddf9e2f792e57de16634d5ca27fe93f1af27d538ce02067217eb05", "hashmap": [{"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2018-08-30T19:36:23", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:36:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d59bb321670430bdffc96f823eef88025d9a7f2681eb699a40ad2b294957a9e1", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2018-09-01T23:41:27", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:41:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-3365"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "edition": 1, "enchantments": {}, "hash": "86f2272344105d5138b4a4b6a5c93d0ac620868f2bced43208359f9b32dc0698", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1538f816f097c6e24e4925917da4bdd2", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "75cdebe0eaa0f27a227ac1993e48dd15", "key": "description"}, {"hash": "dffbca99f1c54ad929437915a55adafb", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "be165084def82ff9685b05486474f163", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0e521a7302530d8517c24119dab06780", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "3df1729ddd62f904d6fc3174886883b1", "key": "sourceData"}, {"hash": "bfbf81f16ff8b5b7964ff84f92035968", "key": "modified"}, {"hash": "fb9bf83f6ee99f12b12b83267fa60f2a", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61152", "id": "SL_20111011_KDELIBS_ON_SL6_X.NASL", "lastseen": "2016-09-26T17:24:07", "modified": "2014-08-16T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "61152", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?792db480"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?792db480\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:07"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "fb9bf83f6ee99f12b12b83267fa60f2a"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "75cdebe0eaa0f27a227ac1993e48dd15"}, {"key": "href", "hash": "0e521a7302530d8517c24119dab06780"}, {"key": "modified", "hash": "3ceacb8da452aa42d81d82bfac696bb2"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "1538f816f097c6e24e4925917da4bdd2"}, {"key": "published", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "references", "hash": "383ef9ae76f00e06ffd70c9dc5949264"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "80105ab2ac8488d66b1d0c9ac5304ce5"}, {"key": "title", "hash": "dffbca99f1c54ad929437915a55adafb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "92434ad2a721963bce45ab2e8e2c4ffc7e27ed0f4b34d9454aeab7b8109b43c5", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3365"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863855", "OPENVAS:864080", "OPENVAS:881022", "OPENVAS:1361412562310864017", "OPENVAS:863846", "OPENVAS:1361412562310864001", "OPENVAS:863807", "OPENVAS:1361412562310863920", "OPENVAS:1361412562310863944", "OPENVAS:863923"]}, {"type": "ubuntu", "idList": ["USN-1248-1"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-1364.NASL", "REDHAT-RHSA-2011-1385.NASL", "CENTOS_RHSA-2011-1385.NASL", "ORACLELINUX_ELSA-2011-1385.NASL"]}, {"type": "centos", "idList": ["CESA-2011:1385"]}], "modified": "2019-02-21T01:17:19"}, "score": {"value": 4.8, "vector": "NONE", "modified": "2019-02-21T01:17:19"}, "vulnersScore": 4.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61152);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-3365\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n - kdelibs provided its own set of trusted Certificate\n Authority (CA) certificates. This update makes kdelibs\n use the system set from the ca-certificates package,\n instead of its own copy.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=961\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3cff683\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "61152", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:11:21", "bulletinFamily": "NVD", "description": "The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.", "modified": "2012-01-19T03:59:00", "id": "CVE-2011-3365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3365", "published": "2011-11-29T17:55:00", "title": "CVE-2011-3365", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2018-01-08T12:58:15", "bulletinFamily": "scanner", "description": "Check for the Version of marble", "modified": "2018-01-08T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863807", "id": "OPENVAS:863807", "title": "Fedora Update for marble FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for marble FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marble is a Virtual Globe and World Atlas that you can use to learn more\n about Earth: You can pan and zoom around and you can look up places and\n roads. A mouse click on a place label will provide the respective Wikipedia\n article.\n\n Of course it's also possible to measure distances between locations or watch\n the current cloud cover. Marble offers different thematic maps: A classroom-\n style topographic map, a satellite view, street map, earth at night and\n temperature and precipitation maps. All maps include a custom map key, so it\n can also be used as an educational tool for use in class-rooms. For\n educational purposes you can also change date and time and watch how the\n starry sky and the twilight zone on the map change.\n\n In opposite to other virtual globes Marble also features multiple\n projections: Choose between a Flat Map (&quot;Plate carr&#233;&quot;), Mercator or the Globe.\";\n\ntag_affected = \"marble on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067249.html\");\n script_id(863807);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:19:01 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for marble FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of marble\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"marble\", rpm:\"marble~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310864001", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864001", "title": "Fedora Update for kdepim-runtime FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdepim-runtime FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067287.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864001\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:53:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-13417\");\n script_name(\"Fedora Update for kdepim-runtime FEDORA-2011-13417\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdepim-runtime'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"kdepim-runtime on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdepim-runtime\", rpm:\"kdepim-runtime~4.7.1~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863944", "title": "Fedora Update for kdesdk FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdesdk FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067231.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863944\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:37:40 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-13417\");\n script_name(\"Fedora Update for kdesdk FEDORA-2011-13417\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdesdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"kdesdk on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdesdk\", rpm:\"kdesdk~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:1361412562310870502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870502", "title": "RedHat Update for kdelibs and kdelibs3 RHSA-2011:1385-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kdelibs and kdelibs3 RHSA-2011:1385-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870502\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_xref(name:\"RHSA\", value:\"2011:1385-01\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3365\");\n script_name(\"RedHat Update for kdelibs and kdelibs3 RHSA-2011:1385-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdelibs and kdelibs3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"kdelibs and kdelibs3 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kdelibs and kdelibs3 packages provide libraries for the K Desktop\n Environment (KDE).\n\n An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\n attacker could supply a specially-crafted SSL certificate (for example, via\n a web page) to an application using KSSL, such as the Konqueror web\n browser, causing misleading information to be presented to the user,\n possibly tricking them into accepting the certificate as valid.\n (CVE-2011-3365)\n\n Users should upgrade to these updated packages, which contain a backported\n patch to correct this issue. The desktop must be restarted (log out, then\n log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.4~26.el5_7.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-apidocs\", rpm:\"kdelibs-apidocs~3.5.4~26.el5_7.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-debuginfo\", rpm:\"kdelibs-debuginfo~3.5.4~26.el5_7.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~3.5.4~26.el5_7.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.3.1~18.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-debuginfo\", rpm:\"kdelibs-debuginfo~3.3.1~18.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~3.3.1~18.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-06T13:07:00", "bulletinFamily": "scanner", "description": "Check for the Version of cantor", "modified": "2018-01-05T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863923", "id": "OPENVAS:863923", "title": "Fedora Update for cantor FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cantor FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cantor on Fedora 16\";\ntag_insight = \"KDE Frontend to Mathematical Software.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067238.html\");\n script_id(863923);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:44 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for cantor FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cantor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"cantor\", rpm:\"cantor~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-03T10:57:24", "bulletinFamily": "scanner", "description": "Check for the Version of kdegraphics-thumbnailers", "modified": "2018-01-03T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863996", "id": "OPENVAS:863996", "title": "Fedora Update for kdegraphics-thumbnailers FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdegraphics-thumbnailers FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdegraphics-thumbnailers on Fedora 16\";\ntag_insight = \"Thumbnailers for various graphic types.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067233.html\");\n script_id(863996);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:53:03 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdegraphics-thumbnailers FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdegraphics-thumbnailers\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-thumbnailers\", rpm:\"kdegraphics-thumbnailers~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:28", "bulletinFamily": "scanner", "description": "Check for the Version of kross-interpreters", "modified": "2018-01-02T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863828", "id": "OPENVAS:863828", "title": "Fedora Update for kross-interpreters FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kross-interpreters FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kross-interpreters on Fedora 16\";\ntag_insight = \"Kross interpreters.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067244.html\");\n script_id(863828);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:20:24 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kross-interpreters FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kross-interpreters\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kross-interpreters\", rpm:\"kross-interpreters~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:27", "bulletinFamily": "scanner", "description": "Check for the Version of kde-settings", "modified": "2017-12-29T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863907", "id": "OPENVAS:863907", "title": "Fedora Update for kde-settings FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kde-settings FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kde-settings on Fedora 16\";\ntag_insight = \"Config files for kde.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067242.html\");\n script_id(863907);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:33:23 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kde-settings FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kde-settings\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kde-settings\", rpm:\"kde-settings~4.7~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863920", "title": "Fedora Update for klettres FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for klettres FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067252.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863920\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:38 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-13417\");\n script_name(\"Fedora Update for klettres FEDORA-2011-13417\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'klettres'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"klettres on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"klettres\", rpm:\"klettres~4.7.1~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-02T10:58:02", "bulletinFamily": "scanner", "description": "Check for the Version of kdenetwork", "modified": "2017-12-26T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863971", "id": "OPENVAS:863971", "title": "Fedora Update for kdenetwork FEDORA-2011-13417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdenetwork FEDORA-2011-13417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdenetwork on Fedora 16\";\ntag_insight = \"Networking applications, including:\n * kget: downloader manager\n * kopete: chat client\n * kppp: dialer and front end for pppd\n * krdc: a client for Desktop Sharing and other VNC servers\n * krfb: Desktop Sharing server, allow others to access your desktop via VNC\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067230.html\");\n script_id(863971);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:39:27 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3365\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-13417\");\n script_name(\"Fedora Update for kdenetwork FEDORA-2011-13417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdenetwork\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdenetwork\", rpm:\"kdenetwork~4.7.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:55", "bulletinFamily": "unix", "description": "Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)\n\nIt was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL.", "modified": "2011-10-25T00:00:00", "published": "2011-10-25T00:00:00", "id": "USN-1248-1", "href": "https://usn.ubuntu.com/1248-1/", "title": "KDE-Libs vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:19:32", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:1364 :\n\nUpdated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2011-1364.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68368", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kdelibs (ELSA-2011-1364)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1364 and \n# Oracle Linux Security Advisory ELSA-2011-1364 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68368);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1364\");\n\n script_name(english:\"Oracle Linux 6 : kdelibs (ELSA-2011-1364)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1364 :\n\nUpdated kdelibs packages that fix one security issue and add one\nenhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nThis update also adds the following enhancement :\n\n* kdelibs provided its own set of trusted Certificate Authority (CA)\ncertificates. This update makes kdelibs use the system set from the\nca-certificates package, instead of its own copy. (BZ#743951)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\ndesktop must be restarted (log out, then log back in) for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002397.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-common-4.3.4-11.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-devel-4.3.4-11.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-common / kdelibs-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:32", "bulletinFamily": "scanner", "description": "Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56559", "published": "2011-10-20T00:00:00", "title": "CentOS 4 / 5 : kdelibs (CESA-2011:1385)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1385 and \n# CentOS Errata and Security Advisory 2011:1385 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56559);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"CentOS 4 / 5 : kdelibs (CESA-2011:1385)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97cff4aa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1baf209c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?822945dd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018124.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e27a8cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-3.5.4-26.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-apidocs-3.5.4-26.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kdelibs-devel-3.5.4-26.el5.centos.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:32", "bulletinFamily": "scanner", "description": "Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56561", "published": "2011-10-20T00:00:00", "title": "RHEL 4 / 5 / 6 : kdelibs and kdelibs3 (RHSA-2011:1385)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1385. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56561);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : kdelibs and kdelibs3 (RHSA-2011:1385)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1385\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1385\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-3.3.1-18.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-devel-3.3.1-18.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"kdelibs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kdelibs-apidocs-3.5.4-26.el5_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kdelibs-devel-3.5.4-26.el5_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-apidocs-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-debuginfo-3.5.10-24.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs3-devel-3.5.10-24.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-devel / kdelibs3 / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:32", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:1385 :\n\nUpdated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2011-1385.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68374", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 / 6 : kdelibs / kdelibs3 (ELSA-2011-1385)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1385 and \n# Oracle Linux Security Advisory ELSA-2011-1385 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68374);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-3365\");\n script_bugtraq_id(49925);\n script_xref(name:\"RHSA\", value:\"2011:1385\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : kdelibs / kdelibs3 (ELSA-2011-1385)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1385 :\n\nUpdated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and\nupdated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one\nsecurity issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper)\nAPI. An attacker could supply a specially crafted SSL certificate (for\nexample, via a web page) to an application using KSSL, such as the\nKonqueror web browser, causing misleading information to be presented\nto the user, possibly tricking them into accepting the certificate as\nvalid. (CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The desktop must be restarted\n(log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002413.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002415.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002416.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs and / or kdelibs3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"kdelibs-3.3.1-18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"kdelibs-devel-3.3.1-18.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-3.5.4-26.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-apidocs-3.5.4-26.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"kdelibs-devel-3.5.4-26.0.1.el5_7.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-apidocs-3.5.10-24.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs3-devel-3.5.10-24.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-devel / kdelibs3 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1385\n\n\nThe kdelibs and kdelibs3 packages provide libraries for the K Desktop\nEnvironment (KDE).\n\nAn input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An\nattacker could supply a specially-crafted SSL certificate (for example, via\na web page) to an application using KSSL, such as the Konqueror web\nbrowser, causing misleading information to be presented to the user,\npossibly tricking them into accepting the certificate as valid.\n(CVE-2011-3365)\n\nUsers should upgrade to these updated packages, which contain a backported\npatch to correct this issue. The desktop must be restarted (log out, then\nlog back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018167.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018168.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018123.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018124.html\n\n**Affected packages:**\nkdelibs\nkdelibs-apidocs\nkdelibs-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2011-1385.html", "modified": "2011-11-09T15:45:49", "published": "2011-10-19T17:24:20", "href": "http://lists.centos.org/pipermail/centos-announce/2011-October/018123.html", "id": "CESA-2011:1385", "title": "kdelibs security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}