Lucene search
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.comOPENVAS:53208HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 518-1 (kdelibs)
2008-01-1700:00:00
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
8
0.171 Low
EPSS
Percentile
96.1%
The remote host is missing an update to kdelibs
announced via advisory DSA 518-1.
# OpenVAS Vulnerability Test
# $Id: deb_518_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 518-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "iDEFENSE identified a vulnerability in the Opera web browser that
could be used by remote attackers to create or truncate arbitrary
files on the victims machine. The KDE team discovered that a similar
vulnerability exists in KDE.
A remote attacker could entice a user to open a carefully crafted
telnet URI which may either create or truncate a file in the victims
home directory. In KDE 3.2 and later versions the user is first
explicitly asked to confirm the opening of the telnet URI.
For the stable distribution (woody) this problem has been fixed in
version 2.2.2-13.woody.10.
We recommend that you upgrade your KDE libraries.";
tag_summary = "The remote host is missing an update to kdelibs
announced via advisory DSA 518-1.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20518-1";
if(description)
{
script_id(53208);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");
script_bugtraq_id(10358);
script_cve_id("CVE-2004-0411");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 518-1 (kdelibs)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"kdelibs3-doc", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"kdelibs-dev", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"kdelibs3", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"kdelibs3-bin", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"kdelibs3-cups", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libarts", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libarts-alsa", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libarts-dev", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libkmid", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libkmid-alsa", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libkmid-dev", ver:"2.2.2-13.woody.10", rls:"DEB3.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Related
freebsd
freebsd
URI handler vulnerabilities in several browsers
2004-05-12 00:00:00
nessus
nessus
FreeBSD : URI handler vulnerabilities in several browsers (df333ede-a8ce-11d8-9c6d-0020ed76ef5a)
2009-04-23 00:00:00
Fedora Core 2 : kdelibs-3.2.2-6 (2004-122)
2004-07-23 00:00:00
GLSA-200405-11 : KDE URI Handler Vulnerabilities
2004-08-30 00:00:00
redhat
redhat
(RHSA-2004:222) kdelibs security update
2004-05-17 00:00:00
debian
debian
[SECURITY] [DSA 518-1] New kdelibs packages fix URI handler vulnerabilities
2004-06-14 13:29:31
[SECURITY] [DSA 518-1] New kdelibs packages fix URI handler vulnerabilities
2004-06-14 13:29:31
openvas
openvas
Gentoo Security Advisory GLSA 200405-11 (kdelibs)
2008-09-24 00:00:00
FreeBSD Ports: linux-opera, opera
2008-09-04 00:00:00
Slackware Advisory SSA:2004-238-01 kdelibs
2012-09-11 00:00:00
nvd
nvd
CVE-2004-0411
2004-07-07 04:00:00
securityvulns
securityvulns
KDE Security Advisory: URI Handler Vulnerabilities
2004-05-18 00:00:00
cve
cve
CVE-2004-0411
2004-07-07 04:00:00
slackware
slackware
kdelibs
2004-05-18 00:08:28
osv
osv
kdelibs - unsanitised input
2004-06-14 00:00:00
cvelist
cvelist
CVE-2004-0411
2004-05-20 04:00:00
gentoo
gentoo
KDE URI Handler Vulnerabilities
2004-05-19 00:00:00
checkpoint_advisories
checkpoint_advisories
suse
suse
remote file creation in kdelibs/kdelibs3
2004-05-26 11:35:37