ID OPENVAS:1361412562310867192 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for spice-gtk FEDORA-2013-17195
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.867192");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)");
script_cve_id("CVE-2013-4324");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_name("Fedora Update for spice-gtk FEDORA-2013-17195");
script_tag(name:"affected", value:"spice-gtk on Fedora 18");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"FEDORA", value:"2013-17195");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'spice-gtk'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC18");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC18")
{
if ((res = isrpmvuln(pkg:"spice-gtk", rpm:"spice-gtk~0.18~3.fc18", rls:"FC18")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310867192", "bulletinFamily": "scanner", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "description": "The remote host is missing an update for the ", "published": "2013-12-23T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "cvelist": ["CVE-2013-4324"], "type": "openvas", "lastseen": "2019-05-29T18:37:54", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4324"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check for the Version of spice-gtk", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "fc4edbf6c609918beaf8192c8a3d9ed495b483af0b8b44337a1aae9c846b9d63", "hashmap": [{"hash": "24f5b5248d0845eb3f5ad5772939b967", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "2d5eae0537a36bddf902ea237cf61d2b", "key": "sourceData"}, {"hash": "bbfecdfaa3bb534a258b4759a6a34550", "key": "published"}, {"hash": "6f54257f95e5aa25bcf179fd8dc08f0c", "key": "title"}, {"hash": "1c6bafc35af37af7a8bfc78d577bcb49", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a27486a458aa9fe847f6d2f486bba813", "key": "href"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "0afcd9ce151f574a41f438ab06382838", "key": "pluginID"}, {"hash": "0b59197a883d954d3e15dd1e138b4b5b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "id": "OPENVAS:1361412562310867192", "lastseen": "2018-08-30T19:24:27", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867192", "published": "2013-12-23T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:24:27"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4324"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check for the Version of spice-gtk", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "0667196c15e7c2f05f3359fdd100fc75d1d0937aa7938d06e65845e3e38f99ac", "hashmap": [{"hash": "24f5b5248d0845eb3f5ad5772939b967", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "2d5eae0537a36bddf902ea237cf61d2b", "key": "sourceData"}, {"hash": "bbfecdfaa3bb534a258b4759a6a34550", "key": "published"}, {"hash": "6f54257f95e5aa25bcf179fd8dc08f0c", "key": "title"}, {"hash": "1c6bafc35af37af7a8bfc78d577bcb49", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a27486a458aa9fe847f6d2f486bba813", "key": "href"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "0afcd9ce151f574a41f438ab06382838", "key": "pluginID"}, {"hash": "0b59197a883d954d3e15dd1e138b4b5b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "id": "OPENVAS:1361412562310867192", "lastseen": "2018-04-09T11:24:55", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867192", "published": "2013-12-23T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-04-09T11:24:55"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4324"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-18T14:38:46", "references": [{"idList": ["GLSA-201406-27"], "type": "gentoo"}, {"idList": ["ELSA-2013-1273"], "type": "oraclelinux"}, {"idList": ["RHSA-2013:1273"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310123572", "OPENVAS:867192", "OPENVAS:1361412562310871038", "OPENVAS:871038", "OPENVAS:1361412562310121230", "OPENVAS:881797", "OPENVAS:866947", "OPENVAS:1361412562310866947", "OPENVAS:1361412562310881797"], "type": "openvas"}, {"idList": ["CVE-2013-4324"], "type": "cve"}, {"idList": ["CESA-2013:1273"], "type": "centos"}, {"idList": ["ORACLELINUX_ELSA-2013-1273.NASL", "GENTOO_GLSA-201406-27.NASL", "REDHAT-RHSA-2013-1273.NASL", "SL_20130919_SPICE_GTK_ON_SL6_X.NASL", "OPENSUSE-2013-777.NASL", "FEDORA_2013-17109.NASL", "CENTOS_RHSA-2013-1273.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "5436489b9a3f70161e2dd6f3d05328b65fa5c993d738ffbdb1cffb5700ffd50e", "hashmap": [{"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "bbfecdfaa3bb534a258b4759a6a34550", "key": "published"}, {"hash": "6f54257f95e5aa25bcf179fd8dc08f0c", "key": "title"}, {"hash": "1c6bafc35af37af7a8bfc78d577bcb49", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a27486a458aa9fe847f6d2f486bba813", "key": "href"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "5490886e44c8f44c5e6721e2d70183ad", "key": "sourceData"}, {"hash": "0afcd9ce151f574a41f438ab06382838", "key": "pluginID"}, {"hash": "0b59197a883d954d3e15dd1e138b4b5b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "id": "OPENVAS:1361412562310867192", "lastseen": "2019-03-18T14:38:46", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867192", "published": "2013-12-23T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n\n script_tag(name:\"affected\", value:\"spice-gtk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17195\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-gtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-18T14:38:46"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4324"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check for the Version of spice-gtk", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:56:03", "references": [{"idList": ["GLSA-201406-27"], "type": "gentoo"}, {"idList": ["ELSA-2013-1273"], "type": "oraclelinux"}, {"idList": ["RHSA-2013:1273"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310123572", "OPENVAS:867192", "OPENVAS:1361412562310871038", "OPENVAS:871038", "OPENVAS:1361412562310121230", "OPENVAS:881797", "OPENVAS:866947", "OPENVAS:1361412562310866947", "OPENVAS:1361412562310881797"], "type": "openvas"}, {"idList": ["CVE-2013-4324"], "type": "cve"}, {"idList": ["CESA-2013:1273"], "type": "centos"}, {"idList": ["ORACLELINUX_ELSA-2013-1273.NASL", "GENTOO_GLSA-201406-27.NASL", "REDHAT-RHSA-2013-1273.NASL", "SL_20130919_SPICE_GTK_ON_SL6_X.NASL", "OPENSUSE-2013-777.NASL", "FEDORA_2013-17109.NASL", "CENTOS_RHSA-2013-1273.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "0667196c15e7c2f05f3359fdd100fc75d1d0937aa7938d06e65845e3e38f99ac", "hashmap": [{"hash": "24f5b5248d0845eb3f5ad5772939b967", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "2d5eae0537a36bddf902ea237cf61d2b", "key": "sourceData"}, {"hash": "bbfecdfaa3bb534a258b4759a6a34550", "key": "published"}, {"hash": "6f54257f95e5aa25bcf179fd8dc08f0c", "key": "title"}, {"hash": "1c6bafc35af37af7a8bfc78d577bcb49", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a27486a458aa9fe847f6d2f486bba813", "key": "href"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "0afcd9ce151f574a41f438ab06382838", "key": "pluginID"}, {"hash": "0b59197a883d954d3e15dd1e138b4b5b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "id": "OPENVAS:1361412562310867192", "lastseen": "2018-09-01T23:56:03", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867192", "published": "2013-12-23T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "viewCount": 1}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:56:03"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-4324"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check for the Version of spice-gtk", "edition": 1, "enchantments": {"score": {"modified": "2018-04-06T11:24:00", "value": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/"}}, "hash": "2e49cd2790661634a7c8eb126f86097d2e599f155ac2b4d4388d9618a1c6e1ef", "hashmap": [{"hash": "24f5b5248d0845eb3f5ad5772939b967", "key": "description"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "bbfecdfaa3bb534a258b4759a6a34550", "key": "published"}, {"hash": "6f54257f95e5aa25bcf179fd8dc08f0c", "key": "title"}, {"hash": "1c6bafc35af37af7a8bfc78d577bcb49", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d771b6412ce2989f709d5212c3d5784a", "key": "sourceData"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a27486a458aa9fe847f6d2f486bba813", "key": "href"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "0afcd9ce151f574a41f438ab06382838", "key": "pluginID"}, {"hash": "0b59197a883d954d3e15dd1e138b4b5b", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867192", "id": "OPENVAS:1361412562310867192", "lastseen": "2018-04-06T11:24:00", "modified": "2018-04-06T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310867192", "published": "2013-12-23T00:00:00", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html", "2013-17195"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_summary(\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "viewCount": 0}, "differentElements": ["sourceData"], "edition": 1, "lastseen": "2018-04-06T11:24:00"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0b59197a883d954d3e15dd1e138b4b5b"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "a27486a458aa9fe847f6d2f486bba813"}, {"key": "modified", "hash": "4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "0afcd9ce151f574a41f438ab06382838"}, {"key": "published", "hash": "bbfecdfaa3bb534a258b4759a6a34550"}, {"key": "references", "hash": "1c6bafc35af37af7a8bfc78d577bcb49"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "sourceData", "hash": "5490886e44c8f44c5e6721e2d70183ad"}, {"key": "title", "hash": "6f54257f95e5aa25bcf179fd8dc08f0c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "adb81e74fe427b7fecf1e943345a466601d82a50e4d14eaed0afb03a6e197669", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4324"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123572", "OPENVAS:866947", "OPENVAS:871038", "OPENVAS:867192", "OPENVAS:1361412562310871038", "OPENVAS:1361412562310881797", "OPENVAS:1361412562310866947", "OPENVAS:881797", "OPENVAS:1361412562310121230"]}, {"type": "redhat", "idList": ["RHSA-2013:1273"]}, {"type": "nessus", "idList": ["SL_20130919_SPICE_GTK_ON_SL6_X.NASL", "FEDORA_2013-17109.NASL", "CENTOS_RHSA-2013-1273.NASL", "ORACLELINUX_ELSA-2013-1273.NASL", "OPENSUSE-2013-777.NASL", "REDHAT-RHSA-2013-1273.NASL", "GENTOO_GLSA-201406-27.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1273"]}, {"type": "centos", "idList": ["CESA-2013:1273"]}, {"type": "gentoo", "idList": ["GLSA-201406-27"]}], "modified": "2019-05-29T18:37:54"}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:37:54"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867192\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n\n script_tag(name:\"affected\", value:\"spice-gtk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17195\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-gtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310867192", "scheme": null}
{"cve": [{"lastseen": "2019-07-09T18:07:00", "bulletinFamily": "NVD", "description": "spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", "modified": "2019-06-17T13:55:00", "id": "CVE-2013-4324", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4324", "published": "2013-10-03T21:55:00", "title": "CVE-2013-4324", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:21:34", "bulletinFamily": "scanner", "description": "spice-gtk received fixes for the acl helper policy kit checks that had a race condition in PID checking. (CVE-2013-4324, bnc#844967).", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2013-777.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75172", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : spice-gtk (openSUSE-SU-2013:1562-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-777.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75172);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-4324\");\n script_bugtraq_id(62538);\n\n script_name(english:\"openSUSE Security Update : spice-gtk (openSUSE-SU-2013:1562-1)\");\n script_summary(english:\"Check for the openSUSE-2013-777 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"spice-gtk received fixes for the acl helper policy kit checks that had\na race condition in PID checking. (CVE-2013-4324, bnc#844967).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-10/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-gtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-glib-2_0-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-glib-2_0-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-glib-2_0-8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-glib-2_0-8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-2_0-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-2_0-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-2_0-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-2_0-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-3_0-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-3_0-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-3_0-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-client-gtk-3_0-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-controller0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-controller0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-SpiceClientGtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-SpiceClientGtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-gtk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-gtk-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-SpiceClientGlib-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-SpiceClientGtk-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-SpiceClientGtk-3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-glib-2_0-1-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-glib-2_0-1-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-gtk-2_0-1-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-gtk-2_0-1-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-gtk-3_0-1-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-client-gtk-3_0-1-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-controller0-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libspice-controller0-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-SpiceClientGtk-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-SpiceClientGtk-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"spice-gtk-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"spice-gtk-debuginfo-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"spice-gtk-debugsource-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"spice-gtk-devel-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"spice-gtk-lang-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"typelib-1_0-SpiceClientGlib-2_0-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"typelib-1_0-SpiceClientGtk-2_0-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"typelib-1_0-SpiceClientGtk-3_0-0.12-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-glib-2_0-8-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-glib-2_0-8-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-gtk-2_0-4-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-gtk-2_0-4-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-gtk-3_0-4-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-client-gtk-3_0-4-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-controller0-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libspice-controller0-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-SpiceClientGtk-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-SpiceClientGtk-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"spice-gtk-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"spice-gtk-debuginfo-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"spice-gtk-debugsource-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"spice-gtk-devel-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"spice-gtk-lang-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"typelib-1_0-SpiceClientGlib-2_0-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"typelib-1_0-SpiceClientGtk-2_0-0.14-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"typelib-1_0-SpiceClientGtk-3_0-0.14-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-gtk\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:03", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:1273 :\n\nUpdated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2013-1273.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70008", "published": "2013-09-20T00:00:00", "title": "Oracle Linux 6 : spice-gtk (ELSA-2013-1273)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1273 and \n# Oracle Linux Security Advisory ELSA-2013-1273 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70008);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-4324\");\n script_bugtraq_id(62538);\n script_xref(name:\"RHSA\", value:\"2013:1273\");\n\n script_name(english:\"Oracle Linux 6 : spice-gtk (ELSA-2013-1273)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1273 :\n\nUpdated spice-gtk packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of\nthis widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API\nthat is vulnerable to a race condition. This could lead to intended\nPolicyKit authorizations being bypassed. This update modifies\nspice-gtk to communicate with PolicyKit via a different API that is\nnot vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-September/003680.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-gtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-gtk-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-gtk-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"spice-glib-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"spice-glib-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"spice-gtk-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"spice-gtk-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"spice-gtk-python-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"spice-gtk-tools-0.14-7.el6_4.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-glib / spice-glib-devel / spice-gtk / spice-gtk-devel / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:03", "bulletinFamily": "scanner", "description": "Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2013-1273.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70000", "published": "2013-09-20T00:00:00", "title": "CentOS 6 : spice-gtk (CESA-2013:1273)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1273 and \n# CentOS Errata and Security Advisory 2013:1273 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70000);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-4324\");\n script_xref(name:\"RHSA\", value:\"2013:1273\");\n\n script_name(english:\"CentOS 6 : spice-gtk (CESA-2013:1273)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated spice-gtk packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of\nthis widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API\nthat is vulnerable to a race condition. This could lead to intended\nPolicyKit authorizations being bypassed. This update modifies\nspice-gtk to communicate with PolicyKit via a different API that is\nnot vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-September/019950.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c1cf6a8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-gtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-gtk-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-gtk-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-glib-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-glib-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-gtk-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-gtk-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-gtk-python-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"spice-gtk-tools-0.14-7.el6_4.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:03", "bulletinFamily": "scanner", "description": "Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2013-1273.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70012", "published": "2013-09-20T00:00:00", "title": "RHEL 6 : spice-gtk (RHSA-2013:1273)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1273. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70012);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-4324\");\n script_xref(name:\"RHSA\", value:\"2013:1273\");\n\n script_name(english:\"RHEL 6 : spice-gtk (RHSA-2013:1273)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated spice-gtk packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of\nthis widget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API\nthat is vulnerable to a race condition. This could lead to intended\nPolicyKit authorizations being bypassed. This update modifies\nspice-gtk to communicate with PolicyKit via a different API that is\nnot vulnerable to the race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4324\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-gtk-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-gtk-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1273\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-glib-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-glib-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-glib-devel-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-glib-devel-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-gtk-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-gtk-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-gtk-debuginfo-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-gtk-debuginfo-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-gtk-devel-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-gtk-devel-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-gtk-python-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-gtk-python-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"spice-gtk-tools-0.14-7.el6_4.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-gtk-tools-0.14-7.el6_4.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-glib / spice-glib-devel / spice-gtk / spice-gtk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:03", "bulletinFamily": "scanner", "description": "spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4324)", "modified": "2018-12-31T00:00:00", "id": "SL_20130919_SPICE_GTK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70017", "published": "2013-09-20T00:00:00", "title": "Scientific Linux Security Update : spice-gtk on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70017);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-4324\");\n\n script_name(english:\"Scientific Linux Security Update : spice-gtk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"spice-gtk communicated with PolicyKit for authorization via an API\nthat is vulnerable to a race condition. This could lead to intended\nPolicyKit authorizations being bypassed. This update modifies\nspice-gtk to communicate with PolicyKit via a different API that is\nnot vulnerable to the race condition. (CVE-2013-4324)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1309&L=scientific-linux-errata&T=0&P=1200\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4551e400\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"spice-glib-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-glib-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-debuginfo-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-devel-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-python-0.14-7.el6_4.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-tools-0.14-7.el6_4.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:05", "bulletinFamily": "scanner", "description": "Fix CVE-2013-4324 Insecure calling of polkit via polkit_unix_process_new() Add a few upstream patches fixing bugs in spice-gtk 0.20\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-17109.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70157", "published": "2013-09-27T00:00:00", "title": "Fedora 19 : spice-gtk-0.20-6.fc19 (2013-17109)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-17109.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70157);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:12:43 $\");\n\n script_cve_id(\"CVE-2013-4324\");\n script_bugtraq_id(62538);\n script_xref(name:\"FEDORA\", value:\"2013-17109\");\n\n script_name(english:\"Fedora 19 : spice-gtk-0.20-6.fc19 (2013-17109)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2013-4324 Insecure calling of polkit via\npolkit_unix_process_new() Add a few upstream patches fixing bugs in\nspice-gtk 0.20\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1006669\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a5a3c49\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-gtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"spice-gtk-0.20-6.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-gtk\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:57", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201406-27 (polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation)\n\n polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed.\n Impact :\n\n A local attacker could start a suid or pkexec process through a polkit-enabled application, which could result in privilege escalation or bypass of polkit restrictions.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-12-05T00:00:00", "id": "GENTOO_GLSA-201406-27.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76271", "published": "2014-06-27T00:00:00", "title": "GLSA-201406-27 : polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-27.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76271);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2013-4288\", \"CVE-2013-4311\", \"CVE-2013-4324\", \"CVE-2013-4325\", \"CVE-2013-4327\");\n script_bugtraq_id(62499, 62503, 62508, 62511, 62538);\n script_xref(name:\"GLSA\", value:\"201406-27\");\n\n script_name(english:\"GLSA-201406-27 : polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-27\n(polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation)\n\n polkit has a race condition which potentially allows a process to change\n its UID/EUID via suid or pkexec before authentication is completed.\n \nImpact :\n\n A local attacker could start a suid or pkexec process through a\n polkit-enabled application, which could result in privilege escalation or\n bypass of polkit restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-27\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All polkit users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/polkit-0.112'\n All HPLIP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/hplip-3.14.1'\n All Spice-Gtk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/spice-gtk-0.21'\n All systemd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/systemd-204-r1'\n All libvirt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-1.1.2-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:hplip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:polkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:spice-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/systemd\", unaffected:make_list(\"ge 204-r1\"), vulnerable:make_list(\"lt 204-r1\"))) flag++;\nif (qpkg_check(package:\"sys-auth/polkit\", unaffected:make_list(\"ge 0.112\"), vulnerable:make_list(\"lt 0.112\"))) flag++;\nif (qpkg_check(package:\"net-print/hplip\", unaffected:make_list(\"ge 3.14.1\"), vulnerable:make_list(\"lt 3.14.1\"))) flag++;\nif (qpkg_check(package:\"net-misc/spice-gtk\", unaffected:make_list(\"ge 0.21\"), vulnerable:make_list(\"lt 0.21\"))) flag++;\nif (qpkg_check(package:\"app-emulation/libvirt\", unaffected:make_list(\"ge 1.1.2-r3\"), vulnerable:make_list(\"lt 1.1.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"polkit / Spice-Gtk / systemd / HPLIP / libvirt\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-18T11:09:38", "bulletinFamily": "scanner", "description": "Check for the Version of spice-glib", "modified": "2018-01-18T00:00:00", "published": "2013-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881797", "id": "OPENVAS:881797", "title": "CentOS Update for spice-glib CESA-2013:1273 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for spice-glib CESA-2013:1273 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\";\n\n\nif(description)\n{\n script_id(881797);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:45:25 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for spice-glib CESA-2013:1273 centos6 \");\n\n\n tag_affected = \"spice-glib on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1273\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-September/019950.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice-glib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-glib\", rpm:\"spice-glib~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-glib-devel\", rpm:\"spice-glib-devel~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-devel\", rpm:\"spice-gtk-devel~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-python\", rpm:\"spice-gtk-python~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-tools\", rpm:\"spice-gtk-tools~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-1273", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123572", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123572", "title": "Oracle Linux Local Check: ELSA-2013-1273", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1273.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123572\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:41 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1273\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1273 - spice-gtk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1273\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1273.html\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"spice-glib\", rpm:\"spice-glib~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-glib-devel\", rpm:\"spice-glib-devel~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-gtk-devel\", rpm:\"spice-gtk-devel~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-gtk-python\", rpm:\"spice-gtk-python~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-gtk-tools\", rpm:\"spice-gtk-tools~0.14~7.el6_4.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:09:28", "bulletinFamily": "scanner", "description": "Check for the Version of spice-gtk", "modified": "2018-01-17T00:00:00", "published": "2013-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871038", "id": "OPENVAS:871038", "title": "RedHat Update for spice-gtk RHSA-2013:1273-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for spice-gtk RHSA-2013:1273-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871038);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:44:24 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for spice-gtk RHSA-2013:1273-01\");\n\n tag_insight = \"The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\";\n\n tag_affected = \"spice-gtk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1273-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-September/msg00032.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-glib\", rpm:\"spice-glib~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-debuginfo\", rpm:\"spice-gtk-debuginfo~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-python\", rpm:\"spice-gtk-python~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:14", "bulletinFamily": "scanner", "description": "Check for the Version of spice-gtk", "modified": "2017-07-10T00:00:00", "published": "2013-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867192", "id": "OPENVAS:867192", "title": "Fedora Update for spice-gtk FEDORA-2013-17195", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867192);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:34:46 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17195\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124316.html\");\n script_summary(\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.18~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:50", "bulletinFamily": "scanner", "description": "Check for the Version of spice-gtk", "modified": "2017-07-10T00:00:00", "published": "2013-10-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866947", "id": "OPENVAS:866947", "title": "Fedora Update for spice-gtk FEDORA-2013-17109", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17109\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866947);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:59 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17109\");\n\n tag_insight = \"Client libraries for SPICE desktop servers.\n\";\n\n tag_affected = \"spice-gtk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17109\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117126.html\");\n script_summary(\"Check for the Version of spice-gtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.20~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-10-03T00:00:00", "id": "OPENVAS:1361412562310866947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866947", "title": "Fedora Update for spice-gtk FEDORA-2013-17109", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice-gtk FEDORA-2013-17109\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866947\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:59 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for spice-gtk FEDORA-2013-17109\");\n\n\n script_tag(name:\"affected\", value:\"spice-gtk on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17109\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117126.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-gtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.20~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310871038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871038", "title": "RedHat Update for spice-gtk RHSA-2013:1273-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for spice-gtk RHSA-2013:1273-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871038\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:44:24 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for spice-gtk RHSA-2013:1273-01\");\n\n\n script_tag(name:\"affected\", value:\"spice-gtk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1273-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-September/msg00032.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-gtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-glib\", rpm:\"spice-glib~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-debuginfo\", rpm:\"spice-gtk-debuginfo~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-python\", rpm:\"spice-gtk-python~0.14~7.el6_4.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-09-24T00:00:00", "id": "OPENVAS:1361412562310881797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881797", "title": "CentOS Update for spice-glib CESA-2013:1273 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for spice-glib CESA-2013:1273 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881797\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:45:25 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4324\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for spice-glib CESA-2013:1273 centos6\");\n\n script_tag(name:\"affected\", value:\"spice-glib on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1273\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-September/019950.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-glib'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-glib\", rpm:\"spice-glib~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-glib-devel\", rpm:\"spice-glib-devel~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk\", rpm:\"spice-gtk~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-devel\", rpm:\"spice-gtk-devel~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-python\", rpm:\"spice-gtk-python~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-gtk-tools\", rpm:\"spice-gtk-tools~0.14~7.el6_4.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201406-27", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121230", "title": "Gentoo Security Advisory GLSA 201406-27", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-27.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121230\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:27 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-27\");\n script_tag(name:\"insight\", value:\"polkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-27\");\n script_cve_id(\"CVE-2013-4288\", \"CVE-2013-4311\", \"CVE-2013-4324\", \"CVE-2013-4325\", \"CVE-2013-4327\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-27\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-print/hplip\", unaffected: make_list(\"ge 3.14.1\"), vulnerable: make_list(\"lt 3.14.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/spice-gtk\", unaffected: make_list(\"ge 0.21\"), vulnerable: make_list(\"lt 0.21\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/systemd\", unaffected: make_list(\"ge 204-r1\"), vulnerable: make_list(\"lt 204-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-emulation/libvirt\", unaffected: make_list(\"ge 1.1.2-r3\"), vulnerable: make_list(\"lt 1.1.2-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-auth/polkit\", unaffected: make_list(\"ge 0.112\"), vulnerable: make_list(\"lt 0.112\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:10", "bulletinFamily": "unix", "description": "The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:22", "published": "2013-09-19T04:00:00", "id": "RHSA-2013:1273", "href": "https://access.redhat.com/errata/RHSA-2013:1273", "type": "redhat", "title": "(RHSA-2013:1273) Important: spice-gtk security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "unix", "description": "[0.14-7.3]\n- New build with correct patch for CVE-2013-4324\n[0.14-7.2]\n- Fix race condition in policykit use (CVE-2013-4324)\n Resolves: CVE-2013-4324", "modified": "2013-09-19T00:00:00", "published": "2013-09-19T00:00:00", "id": "ELSA-2013-1273", "href": "http://linux.oracle.com/errata/ELSA-2013-1273.html", "title": "spice-gtk security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1273\n\n\nThe spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE\n(Simple Protocol for Independent Computing Environments) clients. Both\nVirtual Machine Manager and Virtual Machine Viewer can make use of this\nwidget to access virtual machines using the SPICE protocol.\n\nspice-gtk communicated with PolicyKit for authorization via an API that is\nvulnerable to a race condition. This could lead to intended PolicyKit\nauthorizations being bypassed. This update modifies spice-gtk to\ncommunicate with PolicyKit via a different API that is not vulnerable to\nthe race condition. (CVE-2013-4324)\n\nAll users of spice-gtk are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-September/019950.html\n\n**Affected packages:**\nspice-glib\nspice-glib-devel\nspice-gtk\nspice-gtk-devel\nspice-gtk-python\nspice-gtk-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1273.html", "modified": "2013-09-20T02:25:25", "published": "2013-09-20T02:25:25", "href": "http://lists.centos.org/pipermail/centos-announce/2013-September/019950.html", "id": "CESA-2013:1273", "title": "spice security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:36", "bulletinFamily": "unix", "description": "### Background\n\npolkit is a toolkit for managing policies relating to unprivileged processes communicating with privileged processes. \n\n### Description\n\npolkit has a race condition which potentially allows a process to change its UID/EUID via suid or pkexec before authentication is completed. \n\n### Impact\n\nA local attacker could start a suid or pkexec process through a polkit-enabled application, which could result in privilege escalation or bypass of polkit restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll polkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/polkit-0.112\"\n \n\nAll HPLIP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/hplip-3.14.1\"\n \n\nAll Spice-Gtk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/spice-gtk-0.21\"\n \n\nAll systemd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/systemd-204-r1\"\n \n\nAll libvirt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/libvirt-1.1.2-r3\"", "modified": "2014-06-26T00:00:00", "published": "2014-06-26T00:00:00", "id": "GLSA-201406-27", "href": "https://security.gentoo.org/glsa/201406-27", "type": "gentoo", "title": "polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
