Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_FILESHARESET-6942.NASL
HistoryApr 15, 2010 - 12:00 a.m.

SuSE 10 Security Update : kdm (ZYPP Patch Number 6942)

2010-04-1500:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files orld writable. CVE-2010-0436 has been assigned to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(45539);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-0436");

  script_name(english:"SuSE 10 Security Update : kdm (ZYPP Patch Number 6942)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The KDE display manager kdm contains a race condition which allows
local attackers to make arbitrary files orld writable. CVE-2010-0436
has been assigned to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-0436.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6942.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:2, reference:"fileshareset-2.0-84.74.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-beagle-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-devel-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-kdm-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-ksysguardd-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-nsplugin-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-samba-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"kdebase3-session-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kdebase3-32bit-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"fileshareset-2.0-84.74.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-devel-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-extra-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-kdm-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-ksysguardd-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-nsplugin-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-samba-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, reference:"kdebase3-session-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kdebase3-32bit-3.5.1-69.75.2")) flag++;
if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kdebase3-nsplugin64-3.5.1-69.75.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

Related

openvas 115
fedora 50
debian 1
nessus 21
ubuntu 1
ubuntucve 1
securityvulns 2
centos 1
freebsd 1
veracode 1
redhat 1
cve 1
prion 1
oraclelinux 1
slackware 1
openvas
openvas
Debian Security Advisory DSA 2037-1 (kdm (kdebase))
2010-04-21 00:00:00
Fedora Update for kdeplasma-addons FEDORA-2010-6096
2010-04-19 00:00:00
Fedora Update for kdeaccessibility FEDORA-2010-6096
2010-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: kdebindings-4.4.2-1.fc11
2010-04-16 23:53:19
[SECURITY] Fedora 12 Update: kdepimlibs-4.4.2-1.fc12
2010-04-16 23:34:08
[SECURITY] Fedora 12 Update: kdelibs-4.4.2-2.fc12
2010-04-16 23:34:08
debian
debian
[SECURITY] [DSA 2037-1] New kdm packages fix privilege escalation
2010-04-17 21:54:51
nessus
nessus
openSUSE Security Update : fileshareset (fileshareset-2204)
2010-04-15 00:00:00
FreeBSD : KDM -- local privilege escalation vulnerability (3987c5d1-47a9-11df-a0d5-0016d32f24fb)
2010-04-15 00:00:00
RHEL 4 / 5 : kdebase (RHSA-2010:0348)
2010-05-11 00:00:00
ubuntu
ubuntu
KDM vulnerability
2010-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-0436
2010-04-15 00:00:00
securityvulns
securityvulns
KDE kdm race conditions
2010-04-19 00:00:00
[ MDVSA-2010:074 ] kdebase
2010-04-19 00:00:00
centos
centos
kdebase security update
2010-04-20 16:36:19
freebsd
freebsd
KDM -- local privilege escalation vulnerability
2010-04-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:21
redhat
redhat
(RHSA-2010:0348) Important: kdebase security update
2010-04-14 00:00:00
cve
cve
CVE-2010-0436
2010-04-15 17:30:00
prion
prion
Race condition
2010-04-15 17:30:00
oraclelinux
oraclelinux
kdebase security update
2010-04-14 00:00:00
slackware
slackware
[slackware-security] kdebase-workspace
2010-04-20 17:51:39
JSON
Related for SUSE_FILESHARESET-6942.NASL
openvas115fedora50debian1nessus21ubuntu1ubuntucve1securityvulns2centos1freebsd1veracode1redhat1cve1prion1oraclelinux1slackware1