Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310841800HistoryMay 05, 2014 - 12:00 a.m.
Ubuntu: Security Advisory (USN-2186-1)
2014-05-0500:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
15
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
5.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841800");
script_cve_id("CVE-2013-7374");
script_tag(name:"creation_date", value:"2014-05-05 05:55:19 +0000 (Mon, 05 May 2014)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_name("Ubuntu: Security Advisory (USN-2186-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU13\.10");
script_xref(name:"Advisory-ID", value:"USN-2186-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-2186-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'indicator-datetime' package(s) announced via the USN-2186-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that the Date and Time Indicator incorrectly allowed
Evolution to be opened at the greeter screen. An attacker could use this
issue to possibly gain unexpected access to applications such as a web
browser with privileges of the greeter user.");
script_tag(name:"affected", value:"'indicator-datetime' package(s) on Ubuntu 13.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU13.10") {
if(!isnull(res = isdpkgvuln(pkg:"indicator-datetime", ver:"13.10.0+13.10.20131023.2-0ubuntu1.1", rls:"UBUNTU13.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Ubuntu Update for indicator-datetime USN-2186-1
2014-05-05 00:00:00
ubuntucve
ubuntucve
CVE-2013-7374
2014-04-30 00:00:00
nessus
nessus
Ubuntu 13.10 : indicator-datetime vulnerability (USN-2186-1)
2014-05-01 00:00:00
cve
cve
CVE-2013-7374
2014-05-01 17:28:36
prion
prion
Sql injection
2014-05-01 17:28:00
ubuntu
ubuntu
Date and Time Indicator vulnerability
2014-04-30 00:00:00
securityvulns
securityvulns
Ubuntu Date and Time Indicator privilege escalation
2014-05-02 00:00:00
[USN-2186-1] Date and Time Indicator vulnerability
2014-05-02 00:00:00
nvd
nvd
CVE-2013-7374
2014-05-01 17:28:36
cvelist
cvelist
CVE-2013-7374
2014-05-01 14:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
5.1%
Related for OPENVAS:1361412562310841800