Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone AGOPENVAS:136141256231053913
HistorySep 10, 2012 - 12:00 a.m.

Slackware: Security Advisory (SSA:2004-247-01)

2012-09-1000:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
18

6.9 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.53913");
  script_cve_id("CVE-2004-0689", "CVE-2004-0690", "CVE-2004-0721", "CVE-2004-0746");
  script_tag(name:"creation_date", value:"2012-09-10 23:34:21 +0000 (Mon, 10 Sep 2012)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-01-26 17:06:25 +0000 (Fri, 26 Jan 2024)");

  script_name("Slackware: Security Advisory (SSA:2004-247-01)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Slackware Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(10\.0|9\.1|current)");

  script_xref(name:"Advisory-ID", value:"SSA:2004-247-01");
  script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'kde' package(s) announced via the SSA:2004-247-01 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"New kdelibs and kdebase packages are available for Slackware 9.1, 10.0,
and -current to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

 [link moved to references]
 [link moved to references]
 [link moved to references]
 [link moved to references]


Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Fri Sep 3 13:13:09 PDT 2004
patches/packages/kdebase-3.2.3-i486-2.tgz: Patched frame injection
 vulnerability in Konqueror. For more details, see:
 [link moved to references]
 (* Security fix *)
patches/packages/kdelibs-3.2.3-i486-2.tgz: Patched unsafe temporary directory
 usage, cross-domain cookie injection vulnerability for certain country
 specific domains, and frame injection vulnerability in Konqueror.
 For more details, see:
 [link moved to references]
 [link moved to references]
 [link moved to references]
 [link moved to references]
 (* Security fix *)
+--------------------------+");

  script_tag(name:"affected", value:"'kde' package(s) on Slackware 9.1, Slackware 10.0, Slackware current.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-slack.inc");

release = slk_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLK10.0") {

  if(!isnull(res = isslkpkgvuln(pkg:"kdebase", ver:"3.2.3-i486-2", rls:"SLK10.0"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"kdelibs", ver:"3.2.3-i486-2", rls:"SLK10.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK9.1") {

  if(!isnull(res = isslkpkgvuln(pkg:"kdebase", ver:"3.1.4-i486-2", rls:"SLK9.1"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"kdelibs", ver:"3.1.4-i486-3", rls:"SLK9.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLKcurrent") {

  if(!isnull(res = isslkpkgvuln(pkg:"kdebase", ver:"3.2.3-i486-2", rls:"SLKcurrent"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"kdelibs", ver:"3.2.3-i486-2", rls:"SLKcurrent"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 15
nessus 14
slackware 1
securityvulns 3
redhat 1
freebsd 3
cve 5
cert 1
cvelist 5
debian 2
osv 1
prion 1
suse 1
openvas
openvas
Slackware Advisory SSA:2004-247-01 kde
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200408-13 (kde, kdebase, kdelibs)
2008-09-24 00:00:00
SLES9: Security update for KDE
2009-10-10 00:00:00
nessus
nessus
Slackware 10.0 / 9.1 / current : kde (SSA:2004-247-01)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)
2004-08-22 00:00:00
Fedora Core 2 : kdebase-3.2.2-6.FC2 (2004-293)
2004-09-09 00:00:00
slackware
slackware
[slackware-security] kde
2004-09-04 05:01:35
securityvulns
securityvulns
KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities
2004-08-12 00:00:00
KDE Security Advisory: Konqueror Cross-Domain Cookie Injection
2004-08-25 00:00:00
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities
2004-09-17 00:00:00
redhat
redhat
(RHSA-2004:412) kdelibs, kdebase security update
2004-10-05 00:00:00
freebsd
freebsd
kdelibs insecure temporary file handling
2004-08-11 00:00:00
kdelibs -- konqueror cross-domain cookie injection
2004-08-23 00:00:00
Mutiple browser frame injection vulnerability
2004-08-11 00:00:00
cve
cve
CVE-2004-0690
2004-09-28 04:00:00
CVE-2004-0721
2004-07-27 04:00:00
CVE-2004-0689
2004-09-28 04:00:00
cert
cert
KDE DCOPServer insecurely creates temporary files
2004-09-07 00:00:00
cvelist
cvelist
CVE-2004-0690
2004-09-14 04:00:00
CVE-2004-0721
2004-07-23 04:00:00
CVE-2004-0689
2004-08-19 04:00:00
debian
debian
[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service
2004-08-17 10:37:34
[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service
2004-08-17 00:00:00
osv
osv
kdelibs - denial of service
2004-08-17 00:00:00
prion
prion
Cross site scripting
2008-07-14 23:41:00
suse
suse
remote file disclosure in samba
2004-10-05 14:57:32

6.9 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON
Related for OPENVAS:136141256231053913
openvas15nessus14slackware1securityvulns3redhat1freebsd3cve5cert1cvelist5debian2osv1prion1suse1