Vulnerabilities > CVE-2003-0690 - Unspecified vulnerability in KDE

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-443. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15280);
  script_version("1.23");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0690", "CVE-2004-0083", "CVE-2004-0084", "CVE-2004-0093", "CVE-2004-0094", "CVE-2004-0106");
  script_bugtraq_id(9636, 9652, 9655, 9701);
  script_xref(name:"DSA", value:"443");

  script_name(english:"Debian DSA-443-1 : xfree86 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities have been discovered in XFree86. The
corrections are listed below with the identification from the Common
Vulnerabilities and Exposures (CVE) project :

  - CAN-2004-0083 :
    Buffer overflow in ReadFontAlias from dirfile.c of
    XFree86 4.1.0 through 4.3.0 allows local users and
    remote attackers to execute arbitrary code via a font
    alias file (font.alias) with a long token, a different
    vulnerability than CAN-2004-0084.

  - CAN-2004-0084 :

    Buffer overflow in the ReadFontAlias function in XFree86
    4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered
    function, allows local or remote authenticated users to
    execute arbitrary code via a malformed entry in the font
    alias (font.alias) file, a different vulnerability than
    CAN-2004-0083.

  - CAN-2004-0106 :

    Miscellaneous additional flaws in XFree86's handling of
    font files.

  - CAN-2003-0690 :

    xdm does not verify whether the pam_setcred function
    call succeeds, which may allow attackers to gain root
    privileges by triggering error conditions within PAM
    modules, as demonstrated in certain configurations of
    the MIT pam_krb5 module.

  - CAN-2004-0093, CAN-2004-0094 :

    Denial-of-service attacks against the X server by
    clients using the GLX extension and Direct Rendering
    Infrastructure are possible due to unchecked client data
    (out-of-bounds array indexes [CAN-2004-0093] and integer
    signedness errors [CAN-2004-0094]).

Exploitation of CAN-2004-0083, CAN-2004-0084, CAN-2004-0106,
CAN-2004-0093 and CAN-2004-0094 would require a connection to the X
server. By default, display managers in Debian start the X server with
a configuration which only accepts local connections, but if the
configuration is changed to allow remote connections, or X servers are
started by other means, then these bugs could be exploited remotely.
Since the X server usually runs with root privileges, these bugs could
potentially be exploited to gain root privileges.

No attack vector for CAN-2003-0690 is known at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-443"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody) these problems have been fixed in
version 4.1.0-16woody3.

We recommend that you update your xfree86 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfree86");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/02/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"lbxproxy", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libdps-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libdps1", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libdps1-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw6", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw6-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw6-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw7", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw7-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libxaw7-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"proxymngr", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"twm", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"x-window-system", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"x-window-system-core", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xbase-clients", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xdm", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-100dpi", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-100dpi-transcoded", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-75dpi", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-75dpi-transcoded", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-base", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-base-transcoded", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-cyrillic", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-pex", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfonts-scalable", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfree86-common", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfs", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xfwp", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlib6g", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlib6g-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibmesa-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibmesa3", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibmesa3-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibosmesa-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibosmesa3", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibosmesa3-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibs", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibs-dbg", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibs-dev", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xlibs-pic", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xmh", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xnest", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xprt", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xserver-common", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xserver-xfree86", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xspecs", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xterm", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xutils", reference:"4.1.0-16woody3")) flag++;
if (deb_check(release:"3.0", prefix:"xvfb", reference:"4.1.0-16woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:270. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12419);
  script_version ("1.28");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0690", "CVE-2003-0692");
  script_bugtraq_id(8635);
  script_xref(name:"RHSA", value:"2003:270");

  script_name(english:"RHEL 2.1 : kdebase (RHSA-2003:270)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated KDE packages that resolve a local security issue with KDM PAM
support and weak session cookie generation are now available.

KDE is a graphical desktop environment for the X Window System.

KDE between versions 2.2.0 and 3.1.3 inclusive contain a bug in the
KDE Display Manager (KDM) when checking the result of a pam_setcred()
call. If an error condition is triggered by the installed PAM modules,
KDM might grant local root access to any user with valid login
credentials.

It has been reported that one way to trigger this bug is by having a
certain configuration of the MIT pam_krb5 module that leaves a session
alive and gives root access to a regular user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0690 to this issue.

In addition, the session cookie generation algorithm used by KDM was
considered too weak to supply a full 128 bits of entropy. This could
make it possible for non-authorized users, who are able to bypass any
host restrictions, to brute-force the session cookie and gain acess to
the current session. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0692 to this issue.

Users of KDE are advised to upgrade to these erratum packages, which
contain security patches correcting these issues.

Red Hat would like to thank the KDE team for notifying us of this
issue and providing the security patches."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0692"
  );
  # http://www.kde.org/info/security/advisory-20030916-1.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20030916-1.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:270"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kdebase and / or kdebase-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:270";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-2.2.2-11")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-devel-2.2.2-11")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase / kdebase-devel");
  }
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:091. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14073);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2003-0690", "CVE-2003-0692");
  script_xref(name:"MDKSA", value:"2003:091");

  script_name(english:"Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered in all versions of KDE 2.2.0 up to and
including 3.1.3. KDM does not check for successful completion of the
pam_setcred() call and in the case of error conditions in the
installed PAM modules, KDM may grant local root access to any user
with valid login credentials. It has been reported to the KDE team
that a certain configuration of the MIT pam_krb5 module can result in
a failing pam_setcred() call which leaves the session alive and would
provide root access to any regular user. It is also possible that this
vulnerability can likewise be exploited with other PAM modules in a
similar manner.

Another vulnerability was discovered in kdm where the cookie session
generating algorithm was considered too weak to supply a full 128 bits
of entropy. This allowed unauthorized users to brute-force the session
cookie.

mdkkdm, a specialized version of kdm, is likewise vulnerable to these
problems and has been patched as well."
  );
  # http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6542c24b"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20030916-1.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-nsplugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mdkkdm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdebase-3.0.5a-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdebase-devel-3.0.5a-1.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdebase-nsplugins-3.0.5a-1.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdebase-3.1-83.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdebase-devel-3.1-83.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdebase-kdm-3.1-83.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdebase-nsplugins-3.1-83.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mdkkdm-9.1-24.2mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-388. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15225);
  script_version("1.22");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0690", "CVE-2003-0692");
  script_bugtraq_id(8635, 8636);
  script_xref(name:"DSA", value:"388");

  script_name(english:"Debian DSA-388-1 : kdebase - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Two vulnerabilities were discovered in kdebase :

  - CAN-2003-0690 :
    KDM in KDE 3.1.3 and earlier does not verify whether the
    pam_setcred function call succeeds, which may allow
    attackers to gain root privileges by triggering error
    conditions within PAM modules, as demonstrated in
    certain configurations of the MIT pam_krb5 module.

  - CAN-2003-0692 :

    KDM in KDE 3.1.3 and earlier uses a weak session cookie
    generation algorithm that does not provide 128 bits of
    entropy, which allows attackers to guess session cookies
    via brute-force methods and gain access to the user
    session.

These vulnerabilities are described in the following security advisory
from KDE :"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-388"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the current stable distribution (woody) these problems have been
fixed in version 4:2.2.2-14.7.

We recommend that you update your kdebase package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdebase");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kate", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdebase", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdebase-audiolibs", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdebase-dev", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdebase-doc", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdebase-libs", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdewallpapers", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kdm", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"konqueror", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"konsole", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"kscreensaver", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"libkonq-dev", reference:"2.2.2-14.7")) flag++;
if (deb_check(release:"3.0", prefix:"libkonq3", reference:"2.2.2-14.7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");