Lucene search
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2186-1.NASLHistoryMay 01, 2014 - 12:00 a.m.
Ubuntu 13.10 : indicator-datetime vulnerability (USN-2186-1)
2014-05-0100:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
0
Percentile
5.1%
It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2186-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(73800);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-7374");
script_bugtraq_id(67122);
script_xref(name:"USN", value:"2186-1");
script_name(english:"Ubuntu 13.10 : indicator-datetime vulnerability (USN-2186-1)");
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that the Date and Time Indicator incorrectly allowed
Evolution to be opened at the greeter screen. An attacker could use
this issue to possibly gain unexpected access to applications such as
a web browser with privileges of the greeter user.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/2186-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected indicator-datetime package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:indicator-datetime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/01");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"13.10", pkgname:"indicator-datetime", pkgver:"13.10.0+13.10.20131023.2-0ubuntu1.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "indicator-datetime");
}
Related
openvas
openvas
Ubuntu: Security Advisory (USN-2186-1)
2014-05-05 00:00:00
Ubuntu Update for indicator-datetime USN-2186-1
2014-05-05 00:00:00
prion
prion
Sql injection
2014-05-01 17:28:00
ubuntu
ubuntu
Date and Time Indicator vulnerability
2014-04-30 00:00:00
securityvulns
securityvulns
Ubuntu Date and Time Indicator privilege escalation
2014-05-02 00:00:00
[USN-2186-1] Date and Time Indicator vulnerability
2014-05-02 00:00:00
ubuntucve
ubuntucve
CVE-2013-7374
2014-04-30 00:00:00
cve
cve
CVE-2013-7374
2014-05-01 17:28:36
nvd
nvd
CVE-2013-7374
2014-05-01 17:28:36
cvelist
cvelist
CVE-2013-7374
2014-05-01 14:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
0
Percentile
5.1%
Related for UBUNTU_USN-2186-1.NASL