Lucene search
Copyright (c) 2011 Greenbone Networks GmbHOPENVAS:831482HistoryNov 03, 2011 - 12:00 a.m.
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-0300:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
12
0.006 Low
EPSS
Percentile
75.0%
Check for the Version of kdelibs4
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities was discovered and corrected in kdelibs4:
KDE KSSL in kdelibs does not properly handle a \'\0\' (NUL)
character in a domain name in the Subject Alternative Name field of
an X.509 certificate, which allows man-in-the-middle attackers to
spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, a related issue to CVE-2009-2408
(CVE-2009-2702).
An input sanitization flaw was found in the KSSL (KDE SSL Wrapper)
API. An attacker could supply a specially-crafted SSL certificate
(for example, via a web page) to an application using KSSL, such
as the Konqueror web browser, causing misleading information to be
presented to the user, possibly tricking them into accepting the
certificate as valid (CVE-2011-3365).
The updated packages have been patched to correct these issues.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "kdelibs4 on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2011-11/msg00000.php");
script_id(831482);
script_version("$Revision: 6570 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2011:162");
script_cve_id("CVE-2009-2408", "CVE-2009-2702", "CVE-2011-3365");
script_name("Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)");
script_summary("Check for the Version of kdelibs4");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"kdelibs4-core", rpm:"kdelibs4-core~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kdelibs4-devel", rpm:"kdelibs4-devel~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkde3support4", rpm:"libkde3support4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdecore5", rpm:"libkdecore5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdefakes5", rpm:"libkdefakes5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdesu5", rpm:"libkdesu5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdeui5", rpm:"libkdeui5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdewebkit5", rpm:"libkdewebkit5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkdnssd4", rpm:"libkdnssd4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkfile4", rpm:"libkfile4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkhtml5", rpm:"libkhtml5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkimproxy4", rpm:"libkimproxy4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkio5", rpm:"libkio5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkjs4", rpm:"libkjs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkjsapi4", rpm:"libkjsapi4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkjsembed4", rpm:"libkjsembed4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkmediaplayer4", rpm:"libkmediaplayer4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libknewstuff2_4", rpm:"libknewstuff2_4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libknewstuff34", rpm:"libknewstuff34~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libknotifyconfig4", rpm:"libknotifyconfig4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkntlm4", rpm:"libkntlm4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkparts4", rpm:"libkparts4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkpty4", rpm:"libkpty4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkrosscore4", rpm:"libkrosscore4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkrossui4", rpm:"libkrossui4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libktexteditor4", rpm:"libktexteditor4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkunitconversion4", rpm:"libkunitconversion4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkunittest4", rpm:"libkunittest4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libkutils4", rpm:"libkutils4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libnepomuk4", rpm:"libnepomuk4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libnepomukquery4", rpm:"libnepomukquery4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libplasma3", rpm:"libplasma3~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsolid4", rpm:"libsolid4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libthreadweaver4", rpm:"libthreadweaver4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kdelibs4", rpm:"kdelibs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kde3support4", rpm:"lib64kde3support4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdecore5", rpm:"lib64kdecore5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdefakes5", rpm:"lib64kdefakes5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdesu5", rpm:"lib64kdesu5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdeui5", rpm:"lib64kdeui5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdewebkit5", rpm:"lib64kdewebkit5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kdnssd4", rpm:"lib64kdnssd4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kfile4", rpm:"lib64kfile4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64khtml5", rpm:"lib64khtml5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kimproxy4", rpm:"lib64kimproxy4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kio5", rpm:"lib64kio5~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kjs4", rpm:"lib64kjs4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kjsapi4", rpm:"lib64kjsapi4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kjsembed4", rpm:"lib64kjsembed4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kmediaplayer4", rpm:"lib64kmediaplayer4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64knewstuff2_4", rpm:"lib64knewstuff2_4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64knewstuff34", rpm:"lib64knewstuff34~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64knotifyconfig4", rpm:"lib64knotifyconfig4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kntlm4", rpm:"lib64kntlm4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kparts4", rpm:"lib64kparts4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kpty4", rpm:"lib64kpty4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64krosscore4", rpm:"lib64krosscore4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64krossui4", rpm:"lib64krossui4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64ktexteditor4", rpm:"lib64ktexteditor4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kunitconversion4", rpm:"lib64kunitconversion4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kunittest4", rpm:"lib64kunittest4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64kutils4", rpm:"lib64kutils4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64nepomuk4", rpm:"lib64nepomuk4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64nepomukquery4", rpm:"lib64nepomukquery4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64plasma3", rpm:"lib64plasma3~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64solid4", rpm:"lib64solid4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64threadweaver4", rpm:"lib64threadweaver4~4.4.5~0.4mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
nessus
nessus
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)
2011-11-02 00:00:00
Debian DSA-1916-1 : kdelibs - insufficient input validation
2010-02-24 00:00:00
openvas
openvas
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-03 00:00:00
Fedora Core 10 FEDORA-2009-9427 (akonadi)
2009-09-15 00:00:00
Debian: Security Advisory (DSA-1916-1)
2009-10-27 00:00:00
cve
cve
CVE-2009-2702
2009-09-08 18:30:00
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2009-2702
2009-09-08 18:30:00
prion
prion
Design/Logic Flaw
2009-09-08 18:30:00
Design/Logic Flaw
2011-11-29 17:55:00
fedora
fedora
[SECURITY] Fedora 10 Update: kdeedu-4.3.1-1.fc10
2009-09-15 07:41:19
[SECURITY] Fedora 11 Update: akonadi-1.2.1-1.fc11
2009-09-15 07:39:23
[SECURITY] Fedora 11 Update: kdeedu-4.3.1-1.fc11
2009-09-15 07:39:23
debian
debian
ubuntu
ubuntu
KDE-Libs vulnerability
2009-09-17 00:00:00
oraclelinux
oraclelinux
kdelibs and kdelibs3 security update
2011-10-19 00:00:00
kdelibs security and enhancement update
2011-10-11 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
exploitdb
exploitdb
redhat
redhat
(RHSA-2011:1364) Moderate: kdelibs security and enhancement update
2011-10-11 00:00:00