ID UBUNTU_USN-2741-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-12-02T00:00:00
Description
It was discovered that the Unity Settings Daemon incorrectly allowed
removable media to be mounted when the screen is locked. If a
vulnerability were discovered in some other desktop component, such as
an image library, a local attacker could possibly use this issue to
gain access to the session.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2741-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(85983);
script_version("1.7");
script_cvs_date("Date: 2019/09/18 12:31:44");
script_cve_id("CVE-2015-1319");
script_xref(name:"USN", value:"2741-1");
script_name(english:"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)");
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that the Unity Settings Daemon incorrectly allowed
removable media to be mounted when the screen is locked. If a
vulnerability were discovered in some other desktop component, such as
an image library, a local attacker could possibly use this issue to
gain access to the session.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/2741-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected unity-settings-daemon package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/17");
script_set_attribute(attribute:"patch_publication_date", value:"2015/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/17");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 15.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"14.04", pkgname:"unity-settings-daemon", pkgver:"14.04.0+14.04.20150825-0ubuntu2")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"unity-settings-daemon", pkgver:"15.04.1+15.04.20150408-0ubuntu1.2")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unity-settings-daemon");
}
{"id": "UBUNTU_USN-2741-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "description": "It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2015-09-17T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/85983", "reporter": "Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/2741-1/"], "cvelist": ["CVE-2015-1319"], "type": "nessus", "lastseen": "2019-12-13T09:45:14", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2015-1319"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "description": "It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-11-03T12:31:00", "references": [{"idList": ["CVE-2015-1319"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32552", "SECURITYVULNS:VULN:14725"], "type": "securityvulns"}, {"idList": ["USN-2741-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842438"], "type": "openvas"}]}, "score": {"modified": "2019-11-03T12:31:00", "value": 4.8, "vector": "NONE"}}, "hash": "0cbd3ccc8919c9ffae943f70458be222218519b2e1389784fed5a98358a12c43", "hashmap": [{"hash": "45414c2fa32c1741b908fe352feb8ef8", "key": "cvelist"}, {"hash": "22bdd68baef7293e231c3e3a350ef5b3", "key": "pluginID"}, {"hash": "b84c0044884bb0e96c08581962599d69", "key": "published"}, {"hash": "72ff77b93c9b05719938cdf3089ecf18", "key": "href"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "e2648f5ff78a2eb46a5b17171e063fed", "key": "reporter"}, {"hash": "e033d837b317e7629abad883fadba274", "key": "sourceData"}, {"hash": "431cbe24c44a4c8365feaf989cb05b9d", "key": "cpe"}, {"hash": "854e2be85617eeb68e277b0349cf4dfb", "key": "description"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b7fcb8f67b0161618421677ad41db2f3", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "e3db0820c7ff096439be3031222682ae", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/85983", "id": "UBUNTU_USN-2741-1.NASL", "lastseen": "2019-11-03T12:31:00", "modified": "2019-11-02T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "85983", "published": "2015-09-17T00:00:00", "references": ["https://usn.ubuntu.com/2741-1/"], "reporter": "Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:44\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2741-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 10, "lastseen": "2019-11-03T12:31:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2015-1319"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "85e44ce533bf915c674a31165a2ae1a9014f0129608c176291ef588051cd2e39", "hashmap": [{"hash": "45414c2fa32c1741b908fe352feb8ef8", "key": "cvelist"}, {"hash": "22bdd68baef7293e231c3e3a350ef5b3", "key": "pluginID"}, {"hash": "b84c0044884bb0e96c08581962599d69", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "be2cc217af0090dc52c70edb1a3402fd", "key": "href"}, {"hash": "431cbe24c44a4c8365feaf989cb05b9d", "key": "cpe"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "a8737aa9dfa86892ca04b651ccab68a6", "key": "description"}, {"hash": "63a08cc2574ae211cc5d7a021ccd7b40", "key": "sourceData"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b7fcb8f67b0161618421677ad41db2f3", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "e3db0820c7ff096439be3031222682ae", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=85983", "id": "UBUNTU_USN-2741-1.NASL", "lastseen": "2018-12-02T15:33:55", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "85983", "published": "2015-09-17T00:00:00", "references": ["https://usn.ubuntu.com/2741-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2741-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-12-02T15:33:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2015-1319"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8f2e183791d5c4c850c50355203ebe23190305b114eab235d4a4d36504dfa4cd", "hashmap": [{"hash": "45414c2fa32c1741b908fe352feb8ef8", "key": "cvelist"}, {"hash": "22bdd68baef7293e231c3e3a350ef5b3", "key": "pluginID"}, {"hash": "b84c0044884bb0e96c08581962599d69", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "be2cc217af0090dc52c70edb1a3402fd", "key": "href"}, {"hash": "431cbe24c44a4c8365feaf989cb05b9d", "key": "cpe"}, {"hash": "8348749247f42bfdf54c57792b1a9561", "key": "sourceData"}, {"hash": "a8737aa9dfa86892ca04b651ccab68a6", "key": "description"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b7fcb8f67b0161618421677ad41db2f3", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=85983", "id": "UBUNTU_USN-2741-1.NASL", "lastseen": "2018-09-01T23:49:44", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "85983", "published": "2015-09-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:49:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2015-1319"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "e1fc2104cc88b6ed77c851e3fed41cab49788a0ee9a7b5677516a0ccab0500e0", "hashmap": [{"hash": "45414c2fa32c1741b908fe352feb8ef8", "key": "cvelist"}, {"hash": "22bdd68baef7293e231c3e3a350ef5b3", "key": "pluginID"}, {"hash": "b84c0044884bb0e96c08581962599d69", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "be2cc217af0090dc52c70edb1a3402fd", "key": "href"}, {"hash": "431cbe24c44a4c8365feaf989cb05b9d", "key": "cpe"}, {"hash": "8348749247f42bfdf54c57792b1a9561", "key": "sourceData"}, {"hash": "a8737aa9dfa86892ca04b651ccab68a6", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b7fcb8f67b0161618421677ad41db2f3", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=85983", "id": "UBUNTU_USN-2741-1.NASL", "lastseen": "2018-08-30T19:43:33", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "85983", "published": "2015-09-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:43:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2015-1319"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "description": "It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-10-28T21:34:45", "references": [{"idList": ["CVE-2015-1319"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32552", "SECURITYVULNS:VULN:14725"], "type": "securityvulns"}, {"idList": ["USN-2741-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842438"], "type": "openvas"}]}, "score": {"modified": "2019-10-28T21:34:45", "value": 4.8, "vector": "NONE"}}, "hash": "313d21b56cfa09d5ed21c5ad9efeb1f7c08b58cd161d25eaef50b998c305fd5e", "hashmap": [{"hash": "45414c2fa32c1741b908fe352feb8ef8", "key": "cvelist"}, {"hash": "22bdd68baef7293e231c3e3a350ef5b3", "key": "pluginID"}, {"hash": "b84c0044884bb0e96c08581962599d69", "key": "published"}, {"hash": "72ff77b93c9b05719938cdf3089ecf18", "key": "href"}, {"hash": "e2648f5ff78a2eb46a5b17171e063fed", "key": "reporter"}, {"hash": "e033d837b317e7629abad883fadba274", "key": "sourceData"}, {"hash": "431cbe24c44a4c8365feaf989cb05b9d", "key": "cpe"}, {"hash": "854e2be85617eeb68e277b0349cf4dfb", "key": "description"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "b7fcb8f67b0161618421677ad41db2f3", "key": "title"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "e3db0820c7ff096439be3031222682ae", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/85983", "id": "UBUNTU_USN-2741-1.NASL", "lastseen": "2019-10-28T21:34:45", "modified": "2019-10-02T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "85983", "published": "2015-09-17T00:00:00", "references": ["https://usn.ubuntu.com/2741-1/"], "reporter": "Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:44\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2741-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "title": "Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-10-28T21:34:45"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "431cbe24c44a4c8365feaf989cb05b9d"}, {"key": "cvelist", "hash": "45414c2fa32c1741b908fe352feb8ef8"}, {"key": "cvss", "hash": "17e70f50527a49b4899469454ef60058"}, {"key": "description", "hash": "854e2be85617eeb68e277b0349cf4dfb"}, {"key": "href", "hash": "72ff77b93c9b05719938cdf3089ecf18"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "22bdd68baef7293e231c3e3a350ef5b3"}, {"key": "published", "hash": "b84c0044884bb0e96c08581962599d69"}, {"key": "references", "hash": "e3db0820c7ff096439be3031222682ae"}, {"key": "reporter", "hash": "e2648f5ff78a2eb46a5b17171e063fed"}, {"key": "sourceData", "hash": "e033d837b317e7629abad883fadba274"}, {"key": "title", "hash": "b7fcb8f67b0161618421677ad41db2f3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ef1acace4500fbf275991d051f4d3bf77049bf64dcd765f254848f06fb7f7a13", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1319"]}, {"type": "ubuntu", "idList": ["USN-2741-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842438"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32552", "SECURITYVULNS:VULN:14725"]}], "modified": "2019-12-13T09:45:14"}, "score": {"value": 4.8, "vector": "NONE", "modified": "2019-12-13T09:45:14"}, "vulnersScore": 4.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2741-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85983);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:44\");\n\n script_cve_id(\"CVE-2015-1319\");\n script_xref(name:\"USN\", value:\"2741-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 : unity-settings-daemon vulnerability (USN-2741-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Unity Settings Daemon incorrectly allowed\nremovable media to be mounted when the screen is locked. If a\nvulnerability were discovered in some other desktop component, such as\nan image library, a local attacker could possibly use this issue to\ngain access to the session.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2741-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unity-settings-daemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"unity-settings-daemon\", pkgver:\"14.04.0+14.04.20150825-0ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"unity-settings-daemon\", pkgver:\"15.04.1+15.04.20150408-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unity-settings-daemon\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "85983", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:unity-settings-daemon", "cpe:/o:canonical:ubuntu_linux:14.04"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:14:40", "bulletinFamily": "NVD", "description": "The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.", "modified": "2019-02-04T18:59:00", "id": "CVE-2015-1319", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1319", "published": "2015-09-17T16:59:00", "title": "CVE-2015-1319", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:48", "bulletinFamily": "unix", "description": "It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.", "modified": "2015-09-16T00:00:00", "published": "2015-09-16T00:00:00", "id": "USN-2741-1", "href": "https://usn.ubuntu.com/2741-1/", "title": "Unity Settings Daemon vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2741-1\r\nSeptember 16, 2015\r\n\r\nunity-settings-daemon vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nUnity Settings Daemon would allow mounting removable media while the screen\r\nis locked.\r\n\r\nSoftware Description:\r\n- unity-settings-daemon: daemon handling the Unity session settings\r\n\r\nDetails:\r\n\r\nIt was discovered that the Unity Settings Daemon incorrectly allowed\r\nremovable media to be mounted when the screen is locked. If a vulnerability\r\nwere discovered in some other desktop component, such as an image library,\r\na local attacker could possibly use this issue to gain access to the\r\nsession.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n unity-settings-daemon 15.04.1+15.04.20150408-0ubuntu1.2\r\n\r\nUbuntu 14.04 LTS:\r\n unity-settings-daemon 14.04.0+14.04.20150825-0ubuntu2\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2741-1\r\n CVE-2015-1319\r\n\r\nPackage Information:\r\n\r\nhttps://launchpad.net/ubuntu/+source/unity-settings-daemon/15.04.1+15.04.20150408-0ubuntu1.2\r\n\r\nhttps://launchpad.net/ubuntu/+source/unity-settings-daemon/14.04.0+14.04.20150825-0ubuntu2\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-10-12T00:00:00", "published": "2015-10-12T00:00:00", "id": "SECURITYVULNS:DOC:32552", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32552", "title": "[USN-2741-1] Unity Settings Daemon vulnerability", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "User's session access.", "modified": "2015-10-12T00:00:00", "published": "2015-10-12T00:00:00", "id": "SECURITYVULNS:VULN:14725", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14725", "title": "Unity Settings Daemon privilege escalation", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-09-17T00:00:00", "id": "OPENVAS:1361412562310842438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842438", "title": "Ubuntu Update for unity-settings-daemon USN-2741-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for unity-settings-daemon USN-2741-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842438\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-17 06:18:57 +0200 (Thu, 17 Sep 2015)\");\n script_cve_id(\"CVE-2015-1319\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for unity-settings-daemon USN-2741-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'unity-settings-daemon'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Unity Settings\nDaemon incorrectly allowed removable media to be mounted when the screen is\nlocked. If a vulnerability were discovered in some other desktop component, such\nas an image library, a local attacker could possibly use this issue to gain access\nto the session.\");\n script_tag(name:\"affected\", value:\"unity-settings-daemon on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2741-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2741-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"unity-settings-daemon\", ver:\"14.04.0+14.04.20150825-0ubuntu2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}]}
