{"cve": [{"lastseen": "2017-08-08T11:24:36", "bulletinFamily": "NVD", "description": "start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via \"user-influenceable input\" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.", "modified": "2017-08-07T21:30:21", "published": "2008-04-28T13:05:00", "id": "CVE-2008-1671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1671", "title": "CVE-2008-1671", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:55", "bulletinFamily": "scanner", "description": "Start_kdeinit did not handle unix signals the right way (CVE-2008-1671)", "modified": "2014-06-13T00:00:00", "id": "SUSE_KDELIBS3-5223.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32179", "published": "2008-05-09T00:00:00", "title": "openSUSE 10 Security Update : kdelibs3 (kdelibs3-5223)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kdelibs3-5223.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32179);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:36 $\");\n\n script_cve_id(\"CVE-2008-1671\");\n\n script_name(english:\"openSUSE 10 Security Update : kdelibs3 (kdelibs3-5223)\");\n script_summary(english:\"Check for the kdelibs3-5223 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Start_kdeinit did not handle unix signals the right way\n(CVE-2008-1671)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-arts-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-default-style\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-default-style-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kdelibs3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kdelibs3-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kdelibs3-arts-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kdelibs3-default-style-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kdelibs3-devel-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"kdelibs3-32bit-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"kdelibs3-arts-32bit-3.5.7-72.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"kdelibs3-default-style-32bit-3.5.7-72.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs3\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:41", "bulletinFamily": "scanner", "description": "A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code (CVE-2008-1671).\n\nBy default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2008-097.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36729", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : kdelibs (MDVSA-2008:097)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:097. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36729);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-1671\");\n script_xref(name:\"MDVSA\", value:\"2008:097\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kdelibs (MDVSA-2008:097)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9\nwhere, if it was installed setuid root, it could allow local users to\ncause a denial of service or possibly execute arbitrary code\n(CVE-2008-1671).\n\nBy default, start_kdeinit is not installed setuid root on Mandriva\nLinux, however updated packages have been patched to correct this\nissue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"kdelibs-common-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"kdelibs-devel-doc-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkdecore4-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkdecore4-devel-3.5.7-43.8mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"kdelibs-common-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"kdelibs-devel-doc-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libkdecore4-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libkdecore4-devel-3.5.9-10.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:54", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200804-30 (KDE start_kdeinit: Multiple vulnerabilities)\n\n Vulnerabilities have been reported in the processing of user-controlled data by start_kdeinit, which is setuid root by default.\n Impact :\n\n A local attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service or send Unix signals to other processes, when start_kdeinit is setuid root.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2015-04-13T00:00:00", "id": "GENTOO_GLSA-200804-30.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32111", "published": "2008-05-01T00:00:00", "title": "GLSA-200804-30 : KDE start_kdeinit: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-30.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32111);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:04:25 $\");\n\n script_cve_id(\"CVE-2008-1671\");\n script_xref(name:\"GLSA\", value:\"200804-30\");\n\n script_name(english:\"GLSA-200804-30 : KDE start_kdeinit: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-30\n(KDE start_kdeinit: Multiple vulnerabilities)\n\n Vulnerabilities have been reported in the processing of user-controlled\n data by start_kdeinit, which is setuid root by default.\n \nImpact :\n\n A local attacker could possibly execute arbitrary code with root\n privileges, cause a Denial of Service or send Unix signals to other\n processes, when start_kdeinit is setuid root.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdelibs-3.5.8-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"rge 3.5.8-r4\", \"rge 3.5.9-r3\", \"gt 4.0\", \"lt 3.5.5\", \"rge 3.5.10-r2\"), vulnerable:make_list(\"lt 4.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE start_kdeinit\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:53", "bulletinFamily": "scanner", "description": "New kdelibs packages are available for Slackware 12.0 and -current to fix a security issue.", "modified": "2018-11-19T00:00:00", "id": "SLACKWARE_SSA_2008-116-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32056", "published": "2008-04-28T00:00:00", "title": "Slackware 12.0 / current : kdelibs (SSA:2008-116-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-116-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32056);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2008-1671\");\n script_xref(name:\"SSA\", value:\"2008-116-01\");\n\n script_name(english:\"Slackware 12.0 / current : kdelibs (SSA:2008-116-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kdelibs packages are available for Slackware 12.0 and -current to\nfix a security issue.\"\n );\n # http://www.kde.org/info/security/advisory-20080426-2.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20080426-2.txt\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.375422\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db5f8e8b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"kdelibs\", pkgver:\"3.5.7\", pkgarch:\"i486\", pkgnum:\"4_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"kdelibs\", pkgver:\"3.5.9\", pkgarch:\"i486\", pkgnum:\"4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:55", "bulletinFamily": "scanner", "description": "It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code. (CVE-2008-1671).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-608-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32188", "published": "2008-05-09T00:00:00", "title": "Ubuntu 7.04 / 7.10 / 8.04 LTS : kdelibs vulnerability (USN-608-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-608-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32188);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2008-1671\");\n script_xref(name:\"USN\", value:\"608-1\");\n\n script_name(english:\"Ubuntu 7.04 / 7.10 / 8.04 LTS : kdelibs vulnerability (USN-608-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that start_kdeinit in KDE 3 did not properly\nsanitize its input. A local attacker could exploit this to send\nsignals to other processes and cause a denial of service or possibly\nexecute arbitrary code. (CVE-2008-1671).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/608-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4c2a\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs\", pkgver:\"3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs-data\", pkgver:\"3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs-dbg\", pkgver:\"3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs4-dev\", pkgver:\"3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs4-doc\", pkgver:\"3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"kdelibs4c2a\", pkgver:\"4:3.5.6-0ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs\", pkgver:\"3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs-data\", pkgver:\"3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs-dbg\", pkgver:\"3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs4-dev\", pkgver:\"3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs4-doc\", pkgver:\"3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"kdelibs4c2a\", pkgver:\"4:3.5.8-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs\", pkgver:\"3.5.9-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs-data\", pkgver:\"3.5.9-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs-dbg\", pkgver:\"3.5.9-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs4-dev\", pkgver:\"3.5.9-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs4-doc\", pkgver:\"3.5.9-0ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"kdelibs4c2a\", pkgver:\"4:3.5.9-0ubuntu7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-data / kdelibs-dbg / kdelibs4-dev / kdelibs4-doc / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:57:08", "bulletinFamily": "scanner", "description": "Check for the Version of kdelibs", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830565", "id": "OPENVAS:830565", "title": "Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in start_kdeinit in KDE 3.5.5 through\n 3.5.9 where, if it was installed setuid root, it could allow local\n users to cause a denial of service or possibly execute arbitrary code\n (CVE-2008-1671).\n\n By default, start_kdeinit is not installed setuid root on Mandriva\n Linux, however updated packages have been patched to correct this\n issue.\";\n\ntag_affected = \"kdelibs on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-05/msg00007.php\");\n script_id(830565);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:097\");\n script_cve_id(\"CVE-2008-1671\");\n script_name( \"Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)\");\n\n script_summary(\"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-116-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60876", "id": "OPENVAS:60876", "title": "Slackware Advisory SSA:2008-116-01 kdelibs", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_116_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New kdelibs packages are available for Slackware 12.0 and -current to\nfix a security issue.\n\nMore details about this issue may be found from the KDE web site:\n\nhttp://www.kde.org/info/security/advisory-20080426-2.txt\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-116-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-116-01\";\n \nif(description)\n{\n script_id(60876);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-1671\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-116-01 kdelibs \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.5.7-i486-4_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:52", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-30.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60874", "id": "OPENVAS:60874", "title": "Gentoo Security Advisory GLSA 200804-30 (kdelibs)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in start_kdeinit could possibly allow a local\nattacker to execute arbitrary code with root privileges.\";\ntag_solution = \"All kdelibs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdelibs-3.5.8-r4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-30\nhttp://bugs.gentoo.org/show_bug.cgi?id=218933\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-30.\";\n\n \n\nif(description)\n{\n script_id(60874);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1671\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200804-30 (kdelibs)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"kde-base/kdelibs\", unaffected: make_list(\"rge 3.5.8-r4\", \"rge 3.5.9-r3\", \"gt 4.0\", \"lt 3.5.5\"), vulnerable: make_list(\"lt 4.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:27:58", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-608-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840303", "id": "OPENVAS:840303", "title": "Ubuntu Update for kdelibs vulnerability USN-608-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_608_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for kdelibs vulnerability USN-608-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that start_kdeinit in KDE 3 did not properly sanitize\n its input. A local attacker could exploit this to send signals to other\n processes and cause a denial of service or possibly execute arbitrary\n code. (CVE-2008-1671)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-608-1\";\ntag_affected = \"kdelibs vulnerability on Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-608-1/\");\n script_id(840303);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"608-1\");\n script_cve_id(\"CVE-2008-1671\");\n script_name( \"Ubuntu Update for kdelibs vulnerability USN-608-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-dbg\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2a\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.5.6-0ubuntu14.3\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-dbg\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2a\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.5.9-0ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-dbg\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2a\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.5.8-0ubuntu3.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:32", "bulletinFamily": "scanner", "description": "Check for the Version of kdelibs", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830565", "id": "OPENVAS:1361412562310830565", "type": "openvas", "title": "Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in start_kdeinit in KDE 3.5.5 through\n 3.5.9 where, if it was installed setuid root, it could allow local\n users to cause a denial of service or possibly execute arbitrary code\n (CVE-2008-1671).\n\n By default, start_kdeinit is not installed setuid root on Mandriva\n Linux, however updated packages have been patched to correct this\n issue.\";\n\ntag_affected = \"kdelibs on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-05/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830565\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:097\");\n script_cve_id(\"CVE-2008-1671\");\n script_name( \"Mandriva Update for kdelibs MDVSA-2008:097 (kdelibs)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.7~43.8mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.9~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-116-01.", "modified": "2018-04-06T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231060876", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231060876", "title": "Slackware Advisory SSA:2008-116-01 kdelibs", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_116_01.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New kdelibs packages are available for Slackware 12.0 and -current to\nfix a security issue.\n\nMore details about this issue may be found from the KDE web site:\n\nhttp://www.kde.org/info/security/advisory-20080426-2.txt\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-116-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-116-01\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.60876\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2008-1671\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2008-116-01 kdelibs \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.5.7-i486-4_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:54", "bulletinFamily": "unix", "description": "It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code. (CVE-2008-1671)", "modified": "2008-05-06T00:00:00", "published": "2008-05-06T00:00:00", "id": "USN-608-1", "href": "https://usn.ubuntu.com/608-1/", "title": "KDE vulnerability", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:33", "bulletinFamily": "unix", "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. start_kdeinit is a wrapper for kdeinit. \n\n### Description\n\nVulnerabilities have been reported in the processing of user-controlled data by start_kdeinit, which is setuid root by default. \n\n### Impact\n\nA local attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service or send Unix signals to other processes, when start_kdeinit is setuid root. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdelibs users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdelibs-3.5.8-r4\"", "modified": "2009-04-08T00:00:00", "published": "2008-04-29T00:00:00", "id": "GLSA-200804-30", "href": "https://security.gentoo.org/glsa/200804-30", "type": "gentoo", "title": "KDE start_kdeinit: Multiple vulnerabilities", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200804-30\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: KDE start_kdeinit: Multiple vulnerabilities\r\n Date: April 29, 2008\r\n Bugs: #218933\r\n ID: 200804-30\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities in start_kdeinit could possibly allow a local\r\nattacker to execute arbitrary code with root privileges.\r\n\r\nBackground\r\n==========\r\n\r\nKDE is a feature-rich graphical desktop environment for Linux and\r\nUnix-like operating systems. start_kdeinit is a wrapper for kdeinit.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 kde-base/kdelibs < 4.0 *>= 3.5.8-r4\r\n *>= 3.5.9-r3\r\n > 4.0\r\n < 3.5.5\r\n\r\nDescription\r\n===========\r\n\r\nVulnerabilities have been reported in the processing of user-controlled\r\ndata by start_kdeinit, which is setuid root by default.\r\n\r\nImpact\r\n======\r\n\r\nA local attacker could possibly execute arbitrary code with root\r\nprivileges, cause a Denial of Service or send Unix signals to other\r\nprocesses, when start_kdeinit is setuid root.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll kdelibs users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.8-r4"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1671\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200804-30.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "modified": "2008-04-29T00:00:00", "published": "2008-04-29T00:00:00", "id": "SECURITYVULNS:DOC:19750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19750", "title": "[Full-disclosure] [ GLSA 200804-30 ] KDE start_kdeinit: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:02", "bulletinFamily": "unix", "description": "New kdelibs packages are available for Slackware 12.0 and -current to\nfix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671\n\nAs well as from the KDE web site:\n \n http://www.kde.org/info/security/advisory-20080426-2.txt\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/kdelibs-3.5.7-i486-4_slack12.0.tgz:\n Patched to fix a security problem.\n From the KDE advisory: "If start_kdeinit is installed as setuid root, a\n local user might be able to send unix signals to other processes, cause\n a denial of service or even possibly execute arbitrary code."\n This issue affects KDE 3.5.5 through KDE 3.5.9.\n We recommend upgrading to the new kdelibs package as soon as possible.\n For more information, see:\n http://www.kde.org/info/security/advisory-20080426-2.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/kdelibs-3.5.7-i486-4_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdelibs-3.5.9-i486-4.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n53e51139abaecf5e2c14c2ac6cb144c0 kdelibs-3.5.7-i486-4_slack12.0.tgz\n\nSlackware -current package:\n9ed2e334f6c2f2f07a9e6e7948739413 kdelibs-3.5.9-i486-4.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg kdelibs-3.5.7-i486-4_slack12.0.tgz", "modified": "2008-04-25T22:04:40", "published": "2008-04-25T22:04:40", "id": "SSA-2008-116-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.375422", "title": "kdelibs", "type": "slackware", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:42:58", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 28938\r\nCVE(CAN) ID: CVE-2008-1671\r\n\r\nKDE\u662f\u4e00\u4e2a\u4e3aUNIX\u5de5\u4f5c\u7ad9\u8bbe\u8ba1\u7684\u5f3a\u5927\u7684\u5f00\u6e90\u56fe\u5f62\u684c\u9762\u73af\u5883\u3002\r\n\r\nstart_kdeinit\u662fKDE\u4f7f\u7528\u7684\u7528\u4e8e\u542f\u52a8kdeinit\u7684\u5c01\u88c5\u7a0b\u5e8f\uff0c\u9ed8\u8ba4\u4e0bstart_kdeinit\u662f\u4ee5setuid root\u5b89\u88c5\u7684\uff0c\u8fd9\u5141\u8bb8\u672c\u5730\u7528\u6237\u5411\u5176\u4ed6\u8fdb\u7a0b\u53d1\u9001Unix\u4fe1\u53f7\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nKDE 3.5.5 - 3.5.9\n KDE\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff target=_blank>ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff</a>", "modified": "2008-04-29T00:00:00", "published": "2008-04-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3231", "id": "SSV:3231", "type": "seebug", "title": "KDE start_kdeinit\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
