Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_2_KDENETWORK4-101119.NASL
HistoryMay 05, 2011 - 12:00 a.m.

openSUSE Security Update : kdenetwork4 (openSUSE-SU-2010:1076-1)

2011-05-0500:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

This update of kdenetwork fixes several bugs, the security related issues are :

  • CVE-2010-1000: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The ‘name’ attribute of the ‘file’ element of metalink files is not properly sanitised this can be exploited to download files to arbitrary directories.

Non-security issues :

  • bnc#653852: kopete: ICQ login broken; login server changed
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update kdenetwork4-3560.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(53739);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-4776", "CVE-2010-1000");

  script_name(english:"openSUSE Security Update : kdenetwork4 (openSUSE-SU-2010:1076-1)");
  script_summary(english:"Check for the kdenetwork4-3560 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of kdenetwork fixes several bugs, the security related
issues are :

  - CVE-2010-1000: CVSS v2 Base Score: 4.3
    (AV:N/AC:M/Au:N/C:N/I:P/A:N): CWE-22 The 'name'
    attribute of the 'file' element of metalink files is not
    properly sanitised this can be exploited to download
    files to arbitrary directories.

Non-security issues :

  - bnc#653852: kopete: ICQ login broken; login server
    changed"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=604709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=653852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-12/msg00042.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kdenetwork4 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdenetwork4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdenetwork4-filesharing");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdnssd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kget");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kopete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kopete-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kppp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krdc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krfb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.2", reference:"kdenetwork4-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kdenetwork4-filesharing-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kdnssd-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kget-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kopete-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kopete-devel-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"kppp-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"krdc-4.3.5-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"krfb-4.3.5-0.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdenetwork");
}
VendorProductVersionCPE
novellopensusekdenetwork4p-cpe:/a:novell:opensuse:kdenetwork4
novellopensusekdenetwork4-filesharingp-cpe:/a:novell:opensuse:kdenetwork4-filesharing
novellopensusekdnssdp-cpe:/a:novell:opensuse:kdnssd
novellopensusekgetp-cpe:/a:novell:opensuse:kget
novellopensusekopetep-cpe:/a:novell:opensuse:kopete
novellopensusekopete-develp-cpe:/a:novell:opensuse:kopete-devel
novellopensusekpppp-cpe:/a:novell:opensuse:kppp
novellopensusekrdcp-cpe:/a:novell:opensuse:krdc
novellopensusekrfbp-cpe:/a:novell:opensuse:krfb
novellopensuse11.2cpe:/o:novell:opensuse:11.2

Related

nessus 19
ubuntucve 3
securityvulns 5
debiancve 1
openvas 102
redhatcve 1
nvd 3
altlinux 1
cve 3
debian 1
cvelist 3
prion 3
ubuntu 2
fedora 51
oraclelinux 1
nessus
nessus
SuSE 11 / 11.1 Security Update : kdenetwork (SAT Patch Numbers 3563 / 3564)
2010-12-16 00:00:00
openSUSE Security Update : kdenetwork4 (openSUSE-SU-2010:1076-1)
2014-06-13 00:00:00
openSUSE Security Update : kdenetwork3 (openSUSE-SU-2010:1085-1)
2011-05-05 00:00:00
ubuntucve
ubuntucve
CVE-2008-4776
2008-10-28 00:00:00
CVE-2010-1000
2010-05-12 00:00:00
CVE-2011-1586
2011-04-18 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1664-1] New ekg packages fix denial of service
2008-11-11 00:00:00
DoS against libgadu / ekg Gadu-Gadu client
2008-11-11 00:00:00
Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability
2010-05-14 00:00:00
debiancve
debiancve
CVE-2008-4776
2008-10-28 19:46:09
openvas
openvas
Mandriva Security Advisory MDVSA-2009:208-1 (libgadu)
2009-12-10 00:00:00
Mandrake Security Advisory MDVSA-2009:208 (libgadu)
2009-09-02 00:00:00
Debian Security Advisory DSA 1664-1 (ekg)
2008-11-19 00:00:00
redhatcve
redhatcve
CVE-2008-4776
2019-10-04 20:37:21
nvd
nvd
CVE-2008-4776
2008-10-28 19:46:09
CVE-2010-1000
2010-05-17 21:00:01
CVE-2011-1586
2011-04-27 00:55:04
altlinux
altlinux
Security fix for the ALT Linux 5 package centerim version 4.22.8-alt1
2009-08-11 00:00:00
cve
cve
CVE-2008-4776
2008-10-28 19:46:09
CVE-2010-1000
2010-05-17 21:00:01
CVE-2011-1586
2011-04-27 00:55:04
debian
debian
[SECURITY] [DSA 1664-1] New ekg packages fix denial of service
2008-11-10 18:52:41
cvelist
cvelist
CVE-2008-4776
2008-10-28 19:00:00
CVE-2010-1000
2010-05-17 20:42:00
CVE-2011-1586
2011-04-27 00:00:00
prion
prion
Directory traversal
2010-05-17 21:00:00
Buffer overflow
2008-10-28 19:46:00
Directory traversal
2011-04-27 00:55:00
ubuntu
ubuntu
Gadu vulnerability
2008-12-17 00:00:00
KDENetwork vulnerabilities
2010-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: kdenetwork-4.6.2-2.fc15
2011-04-26 16:24:32
[SECURITY] Fedora 12 Update: kdenetwork-4.4.3-3.fc12
2010-05-26 21:41:20
[SECURITY] Fedora 12 Update: kdepim-runtime-4.4.3-1.fc12.1
2010-05-26 21:41:20
oraclelinux
oraclelinux
kdenetwork security update
2011-04-21 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON
Related for SUSE_11_2_KDENETWORK4-101119.NASL
nessus19ubuntucve3securityvulns5debiancve1openvas102redhatcve1nvd3altlinux1cve3debian1cvelist3prion3ubuntu2fedora51oraclelinux1