Vulnerabilities > CVE-2002-1247 - Local Buffer Overflow vulnerability in KDE Network RESLISA LOGNAME

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
kde
lisa
nessus

Summary

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-003.NASL
    descriptionA security issue has been found in KDE. This errata provides updates which resolve these issues. KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and filenames before passing them to a command shell. This could allow remote attackers to execute arbitrary commands through carefully crafted URLs, filenames, or email addresses. Users of KDE are advised to install the updated packages which contain backported patches to correct this issue. Please note that for the Itanium (IA64) architecture only, this update also fixes several other vulnerabilities. Details concerning these vulnerabilities can be found in advisory RHSA-2002:221 and correspond to CVE names CVE-2002-0970, CVE-2002-1151, CVE-2002-1247, and CVE-2002-1306.
    last seen2020-06-01
    modified2020-06-02
    plugin id12347
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12347
    titleRHEL 2.1 : kdelibs (RHSA-2003:003)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:003. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12347);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2002-1393");
      script_xref(name:"RHSA", value:"2003:003");
    
      script_name(english:"RHEL 2.1 : kdelibs (RHSA-2003:003)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A security issue has been found in KDE. This errata provides updates
    which resolve these issues.
    
    KDE is a graphical desktop environment for the X Window System.
    
    KDE fails in multiple places to properly quote URLs and filenames
    before passing them to a command shell. This could allow remote
    attackers to execute arbitrary commands through carefully crafted
    URLs, filenames, or email addresses.
    
    Users of KDE are advised to install the updated packages which contain
    backported patches to correct this issue.
    
    Please note that for the Itanium (IA64) architecture only, this update
    also fixes several other vulnerabilities. Details concerning these
    vulnerabilities can be found in advisory RHSA-2002:221 and correspond
    to CVE names CVE-2002-0970, CVE-2002-1151, CVE-2002-1247, and
    CVE-2002-1306."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1393"
      );
      # http://www.kde.org/info/security/advisory-20021220-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20021220-1.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:003"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegames");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdemultimedia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdemultimedia-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork-ppp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-cellphone");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-pilot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdesdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdesdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdeutils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/01/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:003";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-devel-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegames-2.2.2-2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-devel-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-6")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdemultimedia-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdemultimedia-devel-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-ppp-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-cellphone-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-devel-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-pilot-2.2.2-4")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdesdk-2.2.2-2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdesdk-devel-2.2.2-2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdeutils-2.2.2-2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdebase / kdebase-devel / kdegames / kdegraphics / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-193.NASL
    descriptioniDEFENSE reports a security vulnerability in the klisa package, that provides a LAN information service similar to
    last seen2020-06-01
    modified2020-06-02
    plugin id15030
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15030
    titleDebian DSA-193-1 : kdenetwork - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-193. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15030);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-1247");
      script_bugtraq_id(6157);
      script_xref(name:"DSA", value:"193");
    
      script_name(english:"Debian DSA-193-1 : kdenetwork - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "iDEFENSE reports a security vulnerability in the klisa package, that
    provides a LAN information service similar to 'Network Neighbourhood',
    which was discovered by Texonet. It is possible for a local attacker
    to exploit a buffer overflow condition in resLISa, a restricted
    version of KLISa. The vulnerability exists in the parsing of the
    LOGNAME environment variable, an overly long value will overwrite the
    instruction pointer thereby allowing an attacker to seize control of
    the executable."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.idefense.com/advisory/11.11.02.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-193"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the klisa package immediately.
    
    This problem has been fixed in version 2.2.2-14.2 for the current
    stable distribution (woody) and in version 2.2.2-14.3 for the unstable
    distribution (sid). The old stable distribution (potato) is not
    affected since it doesn't contain a kdenetwork package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdenetwork");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kdict", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"kit", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"klisa", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"kmail", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"knewsticker", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"knode", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"korn", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"kppp", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"ksirc", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"ktalkd", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"libkdenetwork1", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"libmimelib-dev", reference:"2.2.2-14.2")) flag++;
    if (deb_check(release:"3.0", prefix:"libmimelib1", reference:"2.2.2-14.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-080.NASL
    descriptionThe SuSE security team discovered two vulnerabilities in the KDE lanbrowsing service during an audit. The LISa network daemon and
    last seen2020-06-01
    modified2020-06-02
    plugin id13978
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13978
    titleMandrake Linux Security Advisory : kdenetwork (MDKSA-2002:080)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:080. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13978);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-1247", "CVE-2002-1306");
      script_xref(name:"MDKSA", value:"2002:080");
    
      script_name(english:"Mandrake Linux Security Advisory : kdenetwork (MDKSA-2002:080)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SuSE security team discovered two vulnerabilities in the KDE
    lanbrowsing service during an audit. The LISa network daemon and
    'reslisa', a restricted version of LISa are used to identify servers
    on the local network by using the URL type 'lan://' and 'rlan://'
    respectively. A buffer overflow was discovered in the lisa daemon that
    can be exploited by an attacker on the local network to obtain root
    privilege on a machine running the lisa daemon. Another buffer
    overflow was found in the lan:// URL handler, which can be exploited
    by a remote attacker to gain access to the victim user's account.
    
    Only Mandrake Linux 9.0 comes with the LISa network daemon; all
    previous versions do not contain the network daemon and are as such
    not vulnerable."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.kde.org/info/security/advisory-20021111-2.txt"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kdenetwork, kdenetwork-devel and / or lisa
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdenetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdenetwork-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lisa");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdenetwork-3.0.3-15.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdenetwork-devel-3.0.3-15.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"lisa-3.0.3-15.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2002-221.NASL
    descriptionA number of vulnerabilities have been found that affect various versions of KDE. This errata provides updates for these issues. KDE is a graphical desktop environment for workstations. A number of vulnerabilities have been found in various versions of KDE. The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. The Common Vulnerabilities and Exposures project has assigned the name CVE-2002-0970 to this issue. The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute scripts and steal cookies from subframes that are in other domains. (CVE-2002-1151) Multiple buffer overflows exist in the KDE LAN browsing implementation; the reslisa daemon contains a buffer overflow vulnerability which could be exploited if the reslisa binary is SUID root. Additionally, the lisa daemon contains a vulnerability which potentially enables any local user, as well any any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In Red Hat Linux reslisa is not SUID root and lisa services are not automatically started. (CVE-2002-1247, CVE-2002-1306) Red Hat Linux Advanced Server 2.1 provides KDE version 2.2.2 and is therefore vulnerable to these issues. This errata provides new kdelibs and kdenetworks packages which contain patches to correct these issues. Please note that there is are two additional vulnerabilities that affect KDE 2.x which are not fixed by this errata. A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a carefully crafted URL. (CVE-2002-1281). A similar vulnerability affects the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later. (CVE-2002-1282) At this time, Red Hat recommends disabling both the rlogin and telnet KIO protocols as a workaround. To disable both protocols, execute these commands while logged in as root : rm /usr/share/services/rlogin.protocol rm /usr/share/services/telnet.protocol
    last seen2020-06-01
    modified2020-06-02
    plugin id12328
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12328
    titleRHEL 2.1 : kdelibs (RHSA-2002:221)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2002:221. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12328);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2002-0970", "CVE-2002-1151", "CVE-2002-1247", "CVE-2002-1306");
      script_xref(name:"RHSA", value:"2002:221");
    
      script_name(english:"RHEL 2.1 : kdelibs (RHSA-2002:221)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities have been found that affect various
    versions of KDE. This errata provides updates for these issues.
    
    KDE is a graphical desktop environment for workstations. A number of
    vulnerabilities have been found in various versions of KDE.
    
    The SSL capability for Konqueror in KDE 3.0.2 and earlier does not
    verify the Basic Constraints for an intermediate CA-signed
    certificate, which allows remote attackers to spoof the certificates
    of trusted sites via a man-in-the-middle attack. The Common
    Vulnerabilities and Exposures project has assigned the name
    CVE-2002-0970 to this issue.
    
    The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
    through 3.0.3 does not properly initialize the domains on sub-frames
    and sub-iframes, which can allow remote attackers to execute scripts
    and steal cookies from subframes that are in other domains.
    (CVE-2002-1151)
    
    Multiple buffer overflows exist in the KDE LAN browsing
    implementation; the reslisa daemon contains a buffer overflow
    vulnerability which could be exploited if the reslisa binary is SUID
    root. Additionally, the lisa daemon contains a vulnerability which
    potentially enables any local user, as well any any remote attacker on
    the LAN who is able to gain control of the LISa port (7741 by
    default), to obtain root privileges. In Red Hat Linux reslisa is not
    SUID root and lisa services are not automatically started.
    (CVE-2002-1247, CVE-2002-1306)
    
    Red Hat Linux Advanced Server 2.1 provides KDE version 2.2.2 and is
    therefore vulnerable to these issues. This errata provides new kdelibs
    and kdenetworks packages which contain patches to correct these
    issues.
    
    Please note that there is are two additional vulnerabilities that
    affect KDE 2.x which are not fixed by this errata. A vulnerability in
    the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later,
    and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to
    execute arbitrary code via a carefully crafted URL. (CVE-2002-1281). A
    similar vulnerability affects the telnet KIO subsystem
    (telnet.protocol) of KDE 2.x 2.1 and later. (CVE-2002-1282)
    
    At this time, Red Hat recommends disabling both the rlogin and telnet
    KIO protocols as a workaround. To disable both protocols, execute
    these commands while logged in as root :
    
    rm /usr/share/services/rlogin.protocol rm
    /usr/share/services/telnet.protocol"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-0970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1247"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1306"
      );
      # http://marc.theaimsgroup.com/?l=bugtraq&m=102977530005148
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=bugtraq&m=102977530005148"
      );
      # http://www.kde.org/info/security/advisory-20020908-2.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20020908-2.txt"
      );
      # http://www.kde.org/info/security/advisory-20021111-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20021111-1.txt"
      );
      # http://www.kde.org/info/security/advisory-20021111-2.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20021111-2.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2002:221"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork-ppp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2002/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2002:221";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-2.2.2-2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-ppp-2.2.2-2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdelibs / kdelibs-devel / kdelibs-sound / etc");
      }
    }
    

Redhat

advisories
rhsa
idRHSA-2002:220