{"cve": [{"lastseen": "2018-10-10T11:34:10", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.", "modified": "2018-10-09T15:30:38", "published": "2011-04-18T14:55:00", "id": "CVE-2011-1168", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1168", "title": "CVE-2011-1168", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-17T10:42:43", "bulletinFamily": "NVD", "description": "kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.", "modified": "2017-08-16T21:33:50", "published": "2011-03-16T18:55:04", "id": "CVE-2011-1094", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1094", "title": "CVE-2011-1094", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:14:25", "bulletinFamily": "scanner", "description": "A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. 
A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20110421_KDELIBS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61023", "title": "Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61023);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n\n script_name(english:\"Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. 
A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=2879\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4406abbf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-common-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kdelibs-devel-4.3.4-11.el6_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:42", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0464 :\n\nUpdated kdelibs packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nA cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2019-01-02T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2011-0464.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68259", "title": "Oracle Linux 6 : kdelibs (ELSA-2011-0464)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0464 and \n# Oracle Linux Security Advisory ELSA-2011-0464 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68259);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_bugtraq_id(46789, 47304);\n script_xref(name:\"RHSA\", value:\"2011:0464\");\n\n script_name(english:\"Oracle Linux 6 : kdelibs (ELSA-2011-0464)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0464 :\n\nUpdated kdelibs packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nA cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. 
A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-April/002087.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-common-4.3.4-11.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"kdelibs-devel-4.3.4-11.el6_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-common / kdelibs-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:13", "bulletinFamily": "scanner", "description": "It was discovered that KDE KSSL did not properly verify X.509\ncertificates when the certificate was issued for an IP address. An\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\n(CVE-2011-1094)\n\nTim Brown discovered that KDE KHTML did not properly escape URLs from\nexternally generated error pages. An attacker could exploit this to\nconduct cross-site scripting attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as\npasswords), within the same domain. 
(CVE-2011-1168).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2011-06-13T00:00:00", "id": "UBUNTU_USN-1110-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55068", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : kde4libs vulnerabilities (USN-1110-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1110-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55068);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_bugtraq_id(46789, 47304);\n script_xref(name:\"USN\", value:\"1110-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : kde4libs vulnerabilities (USN-1110-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that KDE KSSL did not properly verify X.509\ncertificates when the certificate was issued for an IP address. An\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\n(CVE-2011-1094)\n\nTim Brown discovered that KDE KHTML did not properly escape URLs from\nexternally generated error pages. 
An attacker could exploit this to\nconduct cross-site scripting attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as\npasswords), within the same domain. (CVE-2011-1168).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1110-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs5, libkhtml5 and / or libkio5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkhtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"kdelibs5\", pkgver:\"4:4.3.2-0ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"kdelibs5\", pkgver:\"4:4.4.5-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkhtml5\", pkgver:\"4:4.5.1-0ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkio5\", pkgver:\"4:4.5.1-0ubuntu8.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs5 / libkhtml5 / libkio5\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:00", 
"bulletinFamily": "scanner", "description": "Updated kdelibs packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nA cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2019-01-02T00:00:00", "published": "2011-04-22T00:00:00", "id": "REDHAT-RHSA-2011-0464.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53525", "title": "RHEL 6 : kdelibs (RHSA-2011:0464)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0464. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53525);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_bugtraq_id(46789, 47304);\n script_xref(name:\"RHSA\", value:\"2011:0464\");\n\n script_name(english:\"RHEL 6 : kdelibs (RHSA-2011:0464)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kdelibs packages provide libraries for the K Desktop Environment\n(KDE).\n\nA cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web\nbrowser, displayed certain error pages. 
A remote attacker could use\nthis flaw to perform a cross-site scripting attack against victims by\ntricking them into visiting a specially crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified\nhostname against the name in the server's SSL certificate. A\nman-in-the-middle attacker could use this flaw to trick an application\nusing kdelibs into mistakenly accepting a certificate as if it was\nvalid for the host, if that certificate was issued for an IP address\nto which the user specified hostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also\nintroduces stricter handling for wildcards used in servers' SSL\ncertificates.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0464\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0464\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-apidocs-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kdelibs-common-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kdelibs-common-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kdelibs-common-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-debuginfo-4.3.4-11.el6_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kdelibs-devel-4.3.4-11.el6_0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-apidocs / kdelibs-common / kdelibs-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.3, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:10", "bulletinFamily": "scanner", "description": "This update fixes a cross-site scripting (XSS) vulnerability in the\nway KHTML handles error pages. (CVE-2011-1168)", "modified": "2013-10-25T00:00:00", "published": "2011-05-27T00:00:00", "id": "SUSE_11_KDELIBS4-110418.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=54840", "title": "SuSE 11.1 Security Update : kdelibs4 (SAT Patch Number 4407)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54840);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:55 $\");\n\n script_cve_id(\"CVE-2011-1168\");\n\n script_name(english:\"SuSE 11.1 Security Update : kdelibs4 (SAT Patch Number 4407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cross-site scripting (XSS) vulnerability in the\nway KHTML handles error pages. 
(CVE-2011-1168)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1168.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4407.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kdelibs4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kdelibs4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kdelibs4-core-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libkde4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libkdecore4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kdelibs4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kdelibs4-core-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libkde4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libkde4-32bit-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libkdecore4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kdelibs4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kdelibs4-core-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kdelibs4-doc-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libkde4-4.3.5-0.6.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, reference:\"libkdecore4-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libkde4-32bit-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libkdecore4-32bit-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libkde4-32bit-4.3.5-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.3.5-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:00", "bulletinFamily": "scanner", "description": "A vulnerability has been found and corrected in kdelibs4 :\n\nCross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError\nfunction in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through\n4.6.1 allows remote attackers to inject arbitrary web script or HTML\nvia the URI in a URL corresponding to an unavailable web site\n(CVE-2011-1168).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "published": "2011-04-21T00:00:00", "id": "MANDRIVA_MDVSA-2011-075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53509", "title": "Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:075)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:075. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53509);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-1168\");\n script_bugtraq_id(47304);\n script_xref(name:\"MDVSA\", value:\"2011:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in kdelibs4 :\n\nCross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError\nfunction in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through\n4.6.1 allows remote attackers to inject arbitrary web script or HTML\nvia the URI in a URL corresponding to an unavailable web site\n(CVE-2011-1168).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kde3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdefakes5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64khtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kjs4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64kjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knewstuff2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knewstuff34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64knotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krosscore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krossui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kunittest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nepomukquery4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64plasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64solid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64threadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkde3support4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libkdecore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdefakes5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdesu5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdeui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdewebkit5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdnssd4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkfile4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkhtml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkimproxy4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkio5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjsapi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkjsembed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkmediaplayer4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknewstuff2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknewstuff34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libknotifyconfig4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkntlm4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkparts4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkpty4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrosscore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrossui4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libktexteditor4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkunitconversion4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkunittest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkutils4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnepomuk4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnepomukquery4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libplasma3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsolid4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libthreadweaver4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kdelibs4-core-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"kdelibs4-devel-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kde3support4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kdecore5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kdefakes5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kdesu5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kdeui5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kdnssd4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kfile4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64khtml5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kimproxy4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kio5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kjs4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kjsapi4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", 
reference:\"lib64kjsembed4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kmediaplayer4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64knewstuff2_4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64knotifyconfig4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kntlm4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kparts4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kpty4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krosscore4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krossui4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ktexteditor4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kunittest4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64kutils4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64nepomuk4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64plasma3-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64solid4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64threadweaver4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkde3support4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkdecore5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkdefakes5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkdesu5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkdeui5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkdnssd4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkfile4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkhtml5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkimproxy4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkio5-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkjs4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkjsapi4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkjsembed4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkmediaplayer4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libknewstuff2_4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libknotifyconfig4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", 
reference:\"libkntlm4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkparts4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkpty4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrosscore4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrossui4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libktexteditor4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkunittest4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkutils4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnepomuk4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libplasma3-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsolid4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libthreadweaver4-4.2.4-0.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"kdelibs4-core-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kdelibs4-devel-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kde3support4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kdecore5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kdefakes5-4.3.5-0.27mdv2010.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kdesu5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kdeui5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kdnssd4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kfile4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64khtml5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kimproxy4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kio5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kjs4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kjsapi4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kjsembed4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kmediaplayer4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64knewstuff2_4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64knotifyconfig4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kntlm4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kparts4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", 
reference:\"lib64kpty4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krosscore4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krossui4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ktexteditor4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kunittest4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64kutils4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64nepomuk4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64plasma3-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64solid4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64threadweaver4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkde3support4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkdecore5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkdefakes5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkdesu5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkdeui5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkdnssd4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", 
reference:\"libkfile4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkhtml5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkimproxy4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkio5-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkjs4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkjsapi4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkjsembed4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkmediaplayer4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libknewstuff2_4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libknotifyconfig4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkntlm4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkparts4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkpty4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrosscore4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrossui4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libktexteditor4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", 
reference:\"libkunittest4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkutils4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libnepomuk4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libplasma3-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsolid4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libthreadweaver4-4.3.5-0.27mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"kdelibs4-core-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"kdelibs4-devel-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kde3support4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdecore5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdefakes5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdesu5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdeui5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdewebkit5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kdnssd4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kfile4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", 
reference:\"lib64khtml5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kimproxy4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kio5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjs4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjsapi4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kjsembed4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kmediaplayer4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knewstuff2_4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knewstuff34-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64knotifyconfig4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kntlm4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kparts4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kpty4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krosscore4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krossui4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64ktexteditor4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", 
cpu:\"x86_64\", reference:\"lib64kunitconversion4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kunittest4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64kutils4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nepomuk4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64nepomukquery4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64plasma3-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64solid4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64threadweaver4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkde3support4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdecore5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdefakes5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdesu5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdeui5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdewebkit5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkdnssd4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkfile4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", 
reference:\"libkhtml5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkimproxy4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkio5-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjs4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjsapi4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkjsembed4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkmediaplayer4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknewstuff2_4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknewstuff34-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libknotifyconfig4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkntlm4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkparts4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkpty4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrosscore4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrossui4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libktexteditor4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkunitconversion4-4.4.5-0.3mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkunittest4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkutils4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnepomuk4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnepomukquery4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libplasma3-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsolid4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libthreadweaver4-4.4.5-0.3mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:18:59", "bulletinFamily": "scanner", "description": "A XSS vulnerability in the way KHTML handles error pages has been\nfixed. 
CVE-2011-1168 has been assigned to this issue.", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_3_KDELIBS4-110418.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75546", "title": "openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kdelibs4-4406.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75546);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-1168\");\n\n script_name(english:\"openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)\");\n script_summary(english:\"Check for the kdelibs4-4406 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A XSS vulnerability in the way KHTML handles error pages has been\nfixed. 
CVE-2011-1168 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kdelibs4-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kdelibs4-branding-upstream-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kdelibs4-core-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libkde4-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libkde4-devel-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libkdecore4-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libkdecore4-devel-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libksuseinstall-devel-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libksuseinstall1-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.4.4-3.6.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.4.4-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libksuseinstall1-32bit-4.4.4-3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:19:07", "bulletinFamily": "scanner", "description": "A XSS vulnerability in the way KHTML handles error pages has been\nfixed. CVE-2011-1168 has been assigned to this issue.", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_4_KDELIBS4-110418.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75877", "title": "openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kdelibs4-4406.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75877);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-1168\");\n\n script_name(english:\"openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)\");\n script_summary(english:\"Check for the kdelibs4-4406 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A XSS vulnerability in the way KHTML handles error pages has been\nfixed. 
CVE-2011-1168 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-branding-upstream-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-core-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-core-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-debugsource-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kdelibs4-doc-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkde4-devel-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-4.6.0-6.15.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-devel-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libkdecore4-devel-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall-devel-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall1-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libksuseinstall1-debuginfo-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkde4-debuginfo-32bit-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libkdecore4-debuginfo-32bit-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libksuseinstall1-32bit-4.6.0-6.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libksuseinstall1-debuginfo-32bit-4.6.0-6.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:00", "bulletinFamily": "scanner", "description": "This update is the second in a series of monthly stabilization updates\nto the 4.6 series. 
4.6.2 brings many bugfixes and translation updates\non top of the latest edition in the 4.6 series and is a recommended\nupdate for everyone running 4.6.1 or earlier versions. See also:\nhttp://kde.org/announcements/announce-4.6.2.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-24T00:00:00", "published": "2011-04-22T00:00:00", "id": "FEDORA_2011-5221.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53520", "title": "Fedora 15 : kde-l10n-4.6.2-1.fc15.1 / kdeaccessibility-4.6.2-1.fc15 / kdeadmin-4.6.2-2.fc15 / etc (2011-5221)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-5221.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53520);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-1168\");\n script_bugtraq_id(47304);\n script_xref(name:\"FEDORA\", value:\"2011-5221\");\n\n script_name(english:\"Fedora 15 : kde-l10n-4.6.2-1.fc15.1 / kdeaccessibility-4.6.2-1.fc15 / kdeadmin-4.6.2-2.fc15 / etc (2011-5221)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update is the second in a series of monthly stabilization updates\nto the 4.6 series. 4.6.2 brings many bugfixes and translation updates\non top of the latest edition in the 4.6 series and is a recommended\nupdate for everyone running 4.6.1 or earlier versions. 
See also:\nhttp://kde.org/announcements/announce-4.6.2.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://kde.org/announcements/announce-4.6.2.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/announcements/announce-4.6.2.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=695398\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058590.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64727e05\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058591.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34961c79\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058592.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d50cdd0\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058593.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b876a992\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058594.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8c6ac2b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058595.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?420a19f3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058596.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2045445e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058597.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe65a561\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058598.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9102980b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058599.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24e4ba54\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8db9e8d7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058601.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e47e477f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058602.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?902e3561\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058603.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a53d59de\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058604.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8bb1dfe2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd01af66\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058606.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?264fe26b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058607.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec5cb4a0\"\n );\n # 
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058608.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?486d2f8c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65e4f831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kde-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeaccessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeartwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebase-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdebindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeedu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegames\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdemultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdenetwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdepimlibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeplasma-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdesdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdetoys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdeutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oxygen-icon-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"kde-l10n-4.6.2-1.fc15.1\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeaccessibility-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeadmin-4.6.2-2.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeartwork-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdebase-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdebase-runtime-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdebase-workspace-4.6.2-2.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdebindings-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeedu-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdegames-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdegraphics-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdelibs-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdemultimedia-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdenetwork-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdepimlibs-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeplasma-addons-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdesdk-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdetoys-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"kdeutils-4.6.2-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", 
reference:\"oxygen-icon-theme-4.6.2-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kde-l10n / kdeaccessibility / kdeadmin / kdeartwork / kdebase / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:12:09", "bulletinFamily": "scanner", "description": "A XSS vulnerability in the way KHTML handles error pages has been\nfixed. CVE-2011-1168 has been assigned to this issue.", "modified": "2018-11-10T00:00:00", "published": "2011-05-13T00:00:00", "id": "SUSE_11_2_KDELIBS4-110418.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53884", "title": "openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kdelibs4-4406.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53884);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-1168\");\n\n script_name(english:\"openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:0480-1)\");\n script_summary(english:\"Check for the kdelibs4-4406 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A XSS vulnerability in the way KHTML handles error pages has been\nfixed. 
CVE-2011-1168 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-05/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkde4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kdelibs4-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kdelibs4-branding-upstream-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"kdelibs4-core-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libkde4-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libkde4-devel-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libkdecore4-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libkdecore4-devel-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.3.5-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.3.5-0.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-01-06T13:06:31", "bulletinFamily": "scanner", "description": "Check for the Version of kdelibs", "modified": "2018-01-05T00:00:00", "published": "2012-06-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870612", "id": "OPENVAS:870612", "title": "RedHat Update for kdelibs RHSA-2011:0464-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kdelibs RHSA-2011:0464-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\n A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\n layout engine used by KDE applications such as the Konqueror web browser,\n displayed certain error pages. 
A remote attacker could use this flaw to\n perform a cross-site scripting attack against victims by tricking them into\n visiting a specially-crafted URL. (CVE-2011-1168)\n\n A flaw was found in the way kdelibs checked the user specified hostname\n against the name in the server's SSL certificate. A man-in-the-middle\n attacker could use this flaw to trick an application using kdelibs into\n mistakenly accepting a certificate as if it was valid for the host, if that\n certificate was issued for an IP address to which the user specified\n hostname was resolved to. (CVE-2011-1094)\n\n Note: As part of the fix for CVE-2011-1094, this update also introduces\n stricter handling for wildcards used in servers' SSL certificates.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues. The desktop must be restarted (log out,\n then log back in) for this update to take effect.\";\n\ntag_affected = \"kdelibs on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00023.html\");\n script_id(870612);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:34:01 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:0464-01\");\n script_name(\"RedHat Update for kdelibs RHSA-2011:0464-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-debuginfo\", 
rpm:\"kdelibs-debuginfo~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-apidocs\", rpm:\"kdelibs-apidocs~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:27:12", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1110-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840656", "id": "OPENVAS:840656", "title": "Ubuntu Update for kde4libs USN-1110-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1110_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for kde4libs USN-1110-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that KDE KSSL did not properly verify X.509 certificates\n when the certificate was issued for an IP address. An attacker could\n exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2011-1094)\n\n Tim Brown discovered that KDE KHTML did not properly escape URLs from\n externally generated error pages. An attacker could exploit this to conduct\n cross-site scripting attacks. With cross-site scripting vulnerabilities, if\n a user were tricked into viewing server output during a crafted server\n request, a remote attacker could exploit this to modify the contents, or\n steal confidential data (such as passwords), within the same domain.\n (CVE-2011-1168)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1110-1\";\ntag_affected = \"kde4libs on Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1110-1/\");\n script_id(840656);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1110-1\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_name(\"Ubuntu 
Update for kde4libs USN-1110-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs5\", ver:\"4:4.4.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs5\", ver:\"4:4.3.2-0ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkhtml5\", ver:\"4:4.5.1-0ubuntu8.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.5.1-0ubuntu8.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:02:30", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1110-1", "modified": 
"2018-08-17T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840656", "title": "Ubuntu Update for kde4libs USN-1110-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1110_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for kde4libs USN-1110-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1110-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840656\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1110-1\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_name(\"Ubuntu Update for kde4libs USN-1110-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|9\\.10|10\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1110-1\");\n script_tag(name:\"affected\", value:\"kde4libs on Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 9.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that KDE KSSL did not properly verify X.509 certificates\n when the certificate was issued for an IP address. 
An attacker could\n exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2011-1094)\n\n Tim Brown discovered that KDE KHTML did not properly escape URLs from\n externally generated error pages. An attacker could exploit this to conduct\n cross-site scripting attacks. With cross-site scripting vulnerabilities, if\n a user were tricked into viewing server output during a crafted server\n request, a remote attacker could exploit this to modify the contents, or\n steal confidential data (such as passwords), within the same domain.\n (CVE-2011-1168)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs5\", ver:\"4:4.4.5-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs5\", ver:\"4:4.3.2-0ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkhtml5\", ver:\"4:4.5.1-0ubuntu8.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkio5\", ver:\"4:4.5.1-0ubuntu8.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-23T15:16:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", 
"published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870612", "title": "RedHat Update for kdelibs RHSA-2011:0464-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kdelibs RHSA-2011:0464-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-April/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870612\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:34:01 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:0464-01\");\n script_name(\"RedHat Update for kdelibs 
RHSA-2011:0464-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdelibs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kdelibs on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\n A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\n layout engine used by KDE applications such as the Konqueror web browser,\n displayed certain error pages. A remote attacker could use this flaw to\n perform a cross-site scripting attack against victims by tricking them into\n visiting a specially-crafted URL. (CVE-2011-1168)\n\n A flaw was found in the way kdelibs checked the user specified hostname\n against the name in the server's SSL certificate. A man-in-the-middle\n attacker could use this flaw to trick an application using kdelibs into\n mistakenly accepting a certificate as if it was valid for the host, if that\n certificate was issued for an IP address to which the user specified\n hostname was resolved to. (CVE-2011-1094)\n\n Note: As part of the fix for CVE-2011-1094, this update also introduces\n stricter handling for wildcards used in servers' SSL certificates.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues. 
The desktop must be restarted (log out,\n then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-debuginfo\", rpm:\"kdelibs-debuginfo~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-apidocs\", rpm:\"kdelibs-apidocs~4.3.4~11.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-28T18:24:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-0464", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122187", "title": "Oracle Linux Local Check: ELSA-2011-0464", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0464.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122187\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:30 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0464\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0464 - kdelibs security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0464\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0464.html\");\n script_cve_id(\"CVE-2011-1094\", \"CVE-2011-1168\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~4.3.4~11.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kdelibs-apidocs\", rpm:\"kdelibs-apidocs~4.3.4~11.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~4.3.4~11.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kdelibs-devel\", rpm:\"kdelibs-devel~4.3.4~11.el6_0.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:42", "bulletinFamily": "scanner", 
"description": "Check for the Version of shotwell", "modified": "2017-07-10T00:00:00", "published": "2011-04-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863031", "id": "OPENVAS:863031", "title": "Fedora Update for shotwell FEDORA-2011-5200", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for shotwell FEDORA-2011-5200\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"shotwell on Fedora 14\";\ntag_insight = \"Shotwell is a new open source photo organizer designed for the GNOME desktop\n environment. 
It allows you to import photos from your camera, view and edit\n them, and share them with others.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058679.html\");\n script_id(863031);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-22 16:44:44 +0200 (Fri, 22 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-5200\");\n script_cve_id(\"CVE-2011-1168\");\n script_name(\"Fedora Update for shotwell FEDORA-2011-5200\");\n\n script_summary(\"Check for the Version of shotwell\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"shotwell\", rpm:\"shotwell~0.8.1~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:54", 
"bulletinFamily": "scanner", "description": "Check for the Version of merkaartor", "modified": "2017-07-10T00:00:00", "published": "2011-04-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863023", "id": "OPENVAS:863023", "title": "Fedora Update for merkaartor FEDORA-2011-5200", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for merkaartor FEDORA-2011-5200\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Merkaartor is a small editor for OpenStreetMap available under the\n GNU General Public License and developed using the Qt toolkit.\n\n It has some unique features like anti-aliased displaying,\n transparent display of map features like roads and curved roads.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"merkaartor on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058690.html\");\n script_id(863023);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-22 16:44:44 +0200 (Fri, 22 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-5200\");\n script_cve_id(\"CVE-2011-1168\");\n script_name(\"Fedora Update for merkaartor FEDORA-2011-5200\");\n\n script_summary(\"Check for the Version of merkaartor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"merkaartor\", rpm:\"merkaartor~0.17.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:55", "bulletinFamily": "scanner", "description": "Check for the Version of kdebase", "modified": "2017-07-10T00:00:00", "published": "2011-04-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863015", "id": "OPENVAS:863015", "title": "Fedora Update for kdebase FEDORA-2011-5200", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdebase FEDORA-2011-5200\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdebase on Fedora 14\";\ntag_insight = \"Core applications for KDE 4.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058664.html\");\n script_id(863015);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-22 16:44:44 +0200 (Fri, 22 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-5200\");\n script_cve_id(\"CVE-2011-1168\");\n script_name(\"Fedora Update for kdebase FEDORA-2011-5200\");\n\n script_summary(\"Check for the Version of kdebase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdebase\", rpm:\"kdebase~4.6.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "description": "Check for the Version of qtpfsgui", "modified": "2017-07-10T00:00:00", "published": "2011-04-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863009", "id": "OPENVAS:863009", "title": "Fedora Update for qtpfsgui FEDORA-2011-5200", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qtpfsgui FEDORA-2011-5200\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"qtpfsgui on Fedora 14\";\ntag_insight = \"Qtpfsgui is a graphical program for assembling bracketed photos into High\n Dynamic Range (HDR) images. 
It also provides a number of tone-mapping\n operators for creating low dynamic range versions of HDR images.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058684.html\");\n script_id(863009);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-22 16:44:44 +0200 (Fri, 22 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-5200\");\n script_cve_id(\"CVE-2011-1168\");\n script_name(\"Fedora Update for qtpfsgui FEDORA-2011-5200\");\n\n script_summary(\"Check for the Version of qtpfsgui\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"qtpfsgui\", rpm:\"qtpfsgui~1.9.3~6.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": 
"2017-07-25T10:55:31", "bulletinFamily": "scanner", "description": "Check for the Version of kdesdk", "modified": "2017-07-10T00:00:00", "published": "2011-04-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863045", "id": "OPENVAS:863045", "title": "Fedora Update for kdesdk FEDORA-2011-5200", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kdesdk FEDORA-2011-5200\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kdesdk on Fedora 14\";\ntag_insight = \"A collection of applications and tools used by developers, including:\n * cervisia: a CVS frontend\n * kate: advanced text editor\n * kcachegrind: a browser for data produced by profiling tools (e.g. 
cachegrind)\n * kompare: diff tool\n * kuiviewer: displays designer's UI files\n * lokalize: computer-aided translation system focusing on productivity and performance\n * okteta: binary/hex editor\n * umbrello: UML modeller and UML diagram tool\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058685.html\");\n script_id(863045);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-22 16:44:44 +0200 (Fri, 22 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-5200\");\n script_cve_id(\"CVE-2011-1168\");\n script_name(\"Fedora Update for kdesdk FEDORA-2011-5200\");\n\n script_summary(\"Check for the Version of kdesdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdesdk\", rpm:\"kdesdk~4.6.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1110-1\r\nApril 14, 2011\r\n\r\nkde4libs vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 9.10\r\n\r\nSummary:\r\n\r\nAn attacker could send crafted input to Konqueror to view sensitive\r\ninformation.\r\n\r\nSoftware Description:\r\n- kde4libs: KDE 4 core applications\r\n\r\nDetails:\r\n\r\nIt was discovered that KDE KSSL did not properly verify X.509 certificates\r\nwhen the certificate was issued for an IP address. An attacker could\r\nexploit this to perform a man in the middle attack to view sensitive\r\ninformation or alter encrypted communications. (CVE-2011-1094)\r\n\r\nTim Brown discovered that KDE KHTML did not properly escape URLs from\r\nexternally generated error pages. An attacker could exploit this to conduct\r\ncross-site scripting attacks. 
With cross-site scripting vulnerabilities, if\r\na user were tricked into viewing server output during a crafted server\r\nrequest, a remote attacker could exploit this to modify the contents, or\r\nsteal confidential data (such as passwords), within the same domain.\r\n(CVE-2011-1168)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.10:\r\n libkhtml5 4:4.5.1-0ubuntu8.1\r\n libkio5 4:4.5.1-0ubuntu8.1\r\n\r\nUbuntu 10.04 LTS:\r\n kdelibs5 4:4.4.5-0ubuntu1.1\r\n\r\nUbuntu 9.10:\r\n kdelibs5 4:4.3.2-0ubuntu7.3\r\n\r\nAfter a standard system update you need to restart any applications that\r\nuse KSSL or KHTML, such as Konqueror, to make all the necessary changes.\r\n\r\nReferences:\r\n CVE-2011-1094, CVE-2011-1168\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.5.1-0ubuntu8.1\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.4.5-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/kde4libs/4:4.3.2-0ubuntu7.3\r\n\r\n", "modified": "2011-04-19T00:00:00", "published": "2011-04-19T00:00:00", "id": "SECURITYVULNS:DOC:26169", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26169", "title": "[USN-1110-1] KDE-Libs vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:15", "bulletinFamily": "unix", "description": "It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2011-1094)\n\nTim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. 
With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2011-1168)", "modified": "2011-04-14T00:00:00", "published": "2011-04-14T00:00:00", "id": "USN-1110-1", "href": "https://usn.ubuntu.com/1110-1/", "title": "KDE-Libs vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:02", "bulletinFamily": "unix", "description": "The kdelibs packages provide libraries for the K Desktop Environment (KDE).\n\nA cross-site scripting (XSS) flaw was found in the way KHTML, the HTML\nlayout engine used by KDE applications such as the Konqueror web browser,\ndisplayed certain error pages. A remote attacker could use this flaw to\nperform a cross-site scripting attack against victims by tricking them into\nvisiting a specially-crafted URL. (CVE-2011-1168)\n\nA flaw was found in the way kdelibs checked the user specified hostname\nagainst the name in the server's SSL certificate. A man-in-the-middle\nattacker could use this flaw to trick an application using kdelibs into\nmistakenly accepting a certificate as if it was valid for the host, if that\ncertificate was issued for an IP address to which the user specified\nhostname was resolved to. (CVE-2011-1094)\n\nNote: As part of the fix for CVE-2011-1094, this update also introduces\nstricter handling for wildcards used in servers' SSL certificates.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. 
The desktop must be restarted (log out,\nthen log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:27", "published": "2011-04-21T04:00:00", "id": "RHSA-2011:0464", "href": "https://access.redhat.com/errata/RHSA-2011:0464", "type": "redhat", "title": "(RHSA-2011:0464) Moderate: kdelibs security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:55", "bulletinFamily": "exploit", "description": "", "modified": "2011-04-12T00:00:00", "published": "2011-04-12T00:00:00", "id": "PACKETSTORM:100326", "href": "https://packetstormsecurity.com/files/100326/Konqueror-4.4.x-4.5.x-4.6.x-HTML-Injection.html", "title": "Konqueror 4.4.x / 4.5.x / 4.6.x HTML Injection", "type": "packetstorm", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA256 \n \nNth Dimension Security Advisory (NDSA20110321) \nDate: 21st March 2011 \nAuthor: Tim Brown <mailto:timb@nth-dimension.org.uk> \nURL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/> \nProduct: Konqueror 4.4.x, 4.5.x, 4.6.x <http://konqueror.kde.org/> \nVendor: KDE <http://www.kde.org/> \nRisk: Medium \n \nSummary \n \nThe Konqueror web browser is vulnerable to HTML injection into the error \npages that are displayed when it fails to fetch the requested URL. This \ncould allow an arbitrary web site to be spoofed. \n \nAfter discussions with the vendor, CVE-2011-1168 was assigned to this \nvulnerability. \n \nTechnical Details \n \nKonqueror 4.4.x, 4.5.x and 4.6.x are affected by HTML injection which allows \nan arbitrary URL to be spoofed. 
Opening a fresh instance of Konqueror and \nentering the following URL causes the error page HTML to become corrupted: \n \nhttp://thisdomainwillnotresolveandrekonqerrorpagewillbeshownwithfullurlembedded.twitter.com/\"><h1>Test</h1> \n \nSince Konqueror fails to resolve the hostname it will then display an \nerror message containing the requested URL including the HTML tags. \n \nIt is worth noting that Javascript execution does not appear to be possible \nin the context of the unresolvable hostname for two reasons. Firstly \nKonqueror disables Javascript within KHTMLPart::htmlError() (between the \ncalls to begin() and end()) and secondly because the code executes in an \nempty domain preventing the cookies for the spoofed URL from being accessed. \nWhilst the first of these restrictions could be bypassed in a number of \nways (see below), no method has currently been identified to bypass the \nlatter to break Konqueror's same origin policy. \n \nIt was identified that the first restriction could be bypassed at least two \nways. Firstly a link can be injected with a URL in the form javascript:... \nand secondly an iframe can be injected with a source URL in the form \ndata:text/html,... In the first case, Konqueror only interprets the link \nat the point of clicking (after Javascript has been reenabled) whilst in \nthe latter, Konqueror does not disable Javascript during the parsing of the \nsource for this iframe (i.e. between the calls to begin() and end()). 
\n \nThe following URL demonstrates how HTML can be injected which both takes \ncontrol of the entire visible DOM by overriding the error page styles \nfor an arbitrary \"secure\" URL and then allows Javascript to be executed \nin the victim's browser: \n \nhttps://secure.twitter.com/</title></head><body><style>body{margin: 10px 0; background:#C0DEED url(http://si0.twimg.com/sticky/error_pages/bg-clouds.png) repeat-x; color:%23333; font: 12px Lucida Grande, Arial, sans-serif; text-align:center};%23box {display: none}</style></div><br/><br/><br/><br/><br/><br/><br/><br/><br/><iframe width=25%25 height=180 frameBorder=0 src='data:text/html,<body style=\"background-color:transparent\"><img src=http://si0.twimg.com/sticky/error_pages/twitter_logo_header.png><a><form><p>Username: <input type=text></p><p>Password: <input type=password></p><input type=submit value=Login></form><script>alert(1)</script></body>'><div id=\"box\"> \n \nSolutions \n \nNth Dimension recommends that the vendor supplied patches should be applied. \n \nHistory \n \nOn 16th March 2011, Nth Dimension contacted the KDE security team to \nreport the described vulnerability. \n \nOn 17th March 2011, Harri Porten of KDE confirmed that he had received \nthe report and it had been escalated to Maksim Orlovich, a KDE developer \nworking on KHTML to determine the impact. \n \nNth Dimension worked with Maksim to evaluate the full extent \nof the problem, particularly in relation to the bypass of the Javascript \nrestriction as any same origin policy implications and an interim patch \nwas produced. \n \nOn 18th March 2011, Nth Dimension contacted Josh Bressers on behalf of \nthe KDE security team to request a CVE for this vulnerability which was \nduly assigned. \n \nFollowing the assignment of a CVE for this issue, Nth Dimension and KDE \nliaised to establish a date for final publication of the advisory and \npatches. 
\n \nCurrent \n \nAs of the 23rd March 2011, the state of the vulnerabilities is believed to \nbe as follows. A patch has been developed which it is believed successfully \nmitigates the final symptoms of this vulnerability. This patch has been \nported to 4.4.x, 4.5.x and 4.6.x branches of KDE and will be made available \nto distributions in due course. \n \nThanks \n \nNth Dimension would like to thank Maksim Orlovich and Jeff Mitchell of KDE \nand Josh Bressers of Redhat for the way they worked to resolve the issue. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/100326/NDSA20110321.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}