Vulnerabilities > CVE-2007-4225 - Remote Security vulnerability in KDE Konqueror 3.5.7

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
kde
nessus

Summary

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

Vulnerable Configurations

Part Description Count
Application
Kde
1

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-716.NASL
    descriptionThe remote Fedora Core host is missing one or more security updates : kdebase-3.5.7-1.fc6 : - Tue Oct 2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-1.fc6 - CVE-2007-4224, CVE-2007-4225, CVE-2007-3820 - rh#299741, CVE-2007-4569 - Mon Jul 2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-0.fc6.2 - fix #244906 kdelibs-3.5.7-1.fc6 : - Tue Oct 2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-1.fc6 - CVE-2007-4224, CVE-2007-3820 konqueror address bar spoofing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26935
    published2007-10-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26935
    titleFedora Core 6 : kdebase-3.5.7-1.fc6 / kdelibs-3.5.7-1.fc6 (2007-716)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-716.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26935);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225", "CVE-2007-4569");
      script_xref(name:"FEDORA", value:"2007-716");
    
      script_name(english:"Fedora Core 6 : kdebase-3.5.7-1.fc6 / kdelibs-3.5.7-1.fc6 (2007-716)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Fedora Core host is missing one or more security updates :
    
    kdebase-3.5.7-1.fc6 :
    
      - Tue Oct 2 2007 Than Ngo <than at redhat.com> -
        6:3.5.7-1.fc6
    
        - CVE-2007-4224, CVE-2007-4225, CVE-2007-3820
    
        - rh#299741, CVE-2007-4569
    
        - Mon Jul 2 2007 Than Ngo <than at redhat.com> -
          6:3.5.7-0.fc6.2
    
        - fix #244906
    
    kdelibs-3.5.7-1.fc6 :
    
      - Tue Oct 2 2007 Than Ngo <than at redhat.com> -
        6:3.5.7-1.fc6
    
        - CVE-2007-4224, CVE-2007-3820 konqueror address bar
          spoofing
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004054.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?35a04b05"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004055.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d12013e1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-apidocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"kdebase-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdebase-debuginfo-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdebase-devel-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdelibs-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdelibs-apidocs-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdelibs-debuginfo-3.5.7-1.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kdelibs-devel-3.5.7-1.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase / kdebase-debuginfo / kdebase-devel / kdelibs / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2361.NASL
    description - Tue Oct 2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-13.1 - rh#299731, CVE-2007-4569 - Wed Aug 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.7-13 - CVE-2007-3820, CVE-2007-4224, CVE-2007-4225 - License: GPLv2 - Requires: kdelibs3(-devel) - Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-12 - fix unpackaged files - Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-9 - %ifnarch s390 s390x: BR: lm_sensors - Thu Jul 19 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-7 - omit dirs owned by kde-filesystem - Mon Jul 2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-6 - fix bz#244906 - Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-5 - Provides: kdebase3(-devel) - Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-4 - -devel: Requires: %name... - portability++ - Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-3 - specfile portability - Mon Jun 11 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-2 - fix BR: kdelibs-devel - cleanup Req
    last seen2020-06-01
    modified2020-06-02
    plugin id27769
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27769
    titleFedora 7 : kdebase-3.5.7-13.1.fc7 (2007-2361)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-2361.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27769);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225", "CVE-2007-4569");
      script_xref(name:"FEDORA", value:"2007-2361");
    
      script_name(english:"Fedora 7 : kdebase-3.5.7-13.1.fc7 (2007-2361)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue Oct 2 2007 Than Ngo <than at redhat.com> -
        6:3.5.7-13.1
    
        - rh#299731, CVE-2007-4569
    
        - Wed Aug 15 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> 6:3.5.7-13
    
        - CVE-2007-3820, CVE-2007-4224, CVE-2007-4225
    
        - License: GPLv2
    
        - Requires: kdelibs3(-devel)
    
        - Fri Jul 20 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-12
    
        - fix unpackaged files
    
        - Fri Jul 20 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-9
    
        - %ifnarch s390 s390x: BR: lm_sensors
    
        - Thu Jul 19 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-7
    
        - omit dirs owned by kde-filesystem
    
        - Mon Jul 2 2007 Than Ngo <than at redhat.com> -
          6:3.5.7-6
    
        - fix bz#244906
    
        - Wed Jun 20 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-5
    
        - Provides: kdebase3(-devel)
    
        - Wed Jun 20 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-4
    
        - -devel: Requires: %name...
    
        - portability++
    
        - Fri Jun 15 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-3
    
        - specfile portability
    
        - Mon Jun 11 2007 Rex Dieter
          <rdieter[AT]fedoraproject.org> - 6:3.5.7-2
    
        - fix BR: kdelibs-devel
    
        - cleanup Req's wrt kde-settings
    
        - Mon Jun 11 2007 Than Ngo <than at redhat.com> -
          6:3.5.7-1.fc7.1
    
        - remove kdebase-3.4.2-npapi-64bit-fixes.patch, it's
          included in new upstream
    
      - Wed Jun 6 2007 Than Ngo <than at redhat.com> -
        6:3.5.7-0.1
    
        - 3.5.7
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=299731"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/003992.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cca76192"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-extras");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"kdebase-3.5.7-13.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-debuginfo-3.5.7-13.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-devel-3.5.7-13.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-extras-3.5.7-13.1.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase / kdebase-debuginfo / kdebase-devel / kdebase-extras");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-502-1.NASL
    descriptionIt was discovered that Konqueror could be tricked into displaying incorrect URLs. Remote attackers could exploit this to increase their chances of tricking a user into visiting a phishing URL, which could lead to credential theft. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28106
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28106
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : kdebase, kdelibs vulnerabilities (USN-502-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-502-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28106);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225");
      script_bugtraq_id(24912);
      script_xref(name:"USN", value:"502-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : kdebase, kdelibs vulnerabilities (USN-502-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Konqueror could be tricked into displaying
    incorrect URLs. Remote attackers could exploit this to increase their
    chances of tricking a user into visiting a phishing URL, which could
    lead to credential theft.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/502-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kappfinder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kcontrol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdebase-kio-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdelibs4c2a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdepasswd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdeprint");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdesktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kfind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:khelpcenter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kicker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:klipper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kmenuedit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:konqueror");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:konqueror-nsplugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:konsole");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kpager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kpersonalizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ksmserver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ksplash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ksysguard");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ksysguardd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ktip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kwin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkonq4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkonq4-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"kappfinder", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kate", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kcontrol", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-bin", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-data", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-dev", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-doc", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-doc-html", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdebase-kio-plugins", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs-bin", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs-data", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs-dbg", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs4-dev", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs4-doc", pkgver:"3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdelibs4c2a", pkgver:"4:3.5.2-0ubuntu18.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdepasswd", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdeprint", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdesktop", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kdm", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kfind", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"khelpcenter", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kicker", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"klipper", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kmenuedit", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"konqueror", pkgver:"4:3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"konqueror-nsplugins", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"konsole", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kpager", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kpersonalizer", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"ksmserver", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"ksplash", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"ksysguard", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"ksysguardd", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"ktip", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kwin", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libkonq4", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libkonq4-dev", pkgver:"3.5.2-0ubuntu27.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kappfinder", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kate", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kcontrol", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-bin", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-data", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-dbg", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-dev", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-doc", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-doc-html", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdebase-kio-plugins", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs-data", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs-dbg", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs4-dev", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs4-doc", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdelibs4c2a", pkgver:"4:3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdepasswd", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdeprint", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdesktop", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kdm", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kfind", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"khelpcenter", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kicker", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"klipper", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kmenuedit", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"konqueror", pkgver:"4:3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"konqueror-nsplugins", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"konsole", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kpager", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kpersonalizer", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"ksmserver", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"ksplash", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"ksysguard", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"ksysguardd", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"ktip", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kwin", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkonq4", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkonq4-dev", pkgver:"3.5.5-0ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kappfinder", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kate", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kcontrol", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-bin", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-data", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-dbg", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-dev", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-doc", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-doc-html", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdebase-kio-plugins", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs", pkgver:"3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs-data", pkgver:"3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs-dbg", pkgver:"3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs4-dev", pkgver:"3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs4-doc", pkgver:"3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdelibs4c2a", pkgver:"4:3.5.6-0ubuntu14.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdepasswd", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdeprint", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdesktop", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kdm", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kfind", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"khelpcenter", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kicker", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"klipper", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kmenuedit", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"konqueror", pkgver:"4:3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"konqueror-nsplugins", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"konsole", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kpager", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kpersonalizer", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"ksmserver", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"ksplash", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"ksysguard", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"ksysguardd", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"ktip", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kwin", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"libkonq4", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"libkonq4-dev", pkgver:"3.5.6-0ubuntu20.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kappfinder / kate / kcontrol / kdebase / kdebase-bin / kdebase-data / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_14AD2A2866D211DCB25F02E0185F8D72.NASL
    descriptionThe KDE development team reports : The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL.
    last seen2020-06-01
    modified2020-06-02
    plugin id26085
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26085
    titleFreeBSD : konquerer -- address bar spoofing (14ad2a28-66d2-11dc-b25f-02e0185f8d72)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26085);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225");
    
      script_name(english:"FreeBSD : konquerer -- address bar spoofing (14ad2a28-66d2-11dc-b25f-02e0185f8d72)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The KDE development team reports :
    
    The Konqueror address bar is vulnerable to spoofing attacks that are
    based on embedding white spaces in the url. In addition the address
    bar could be tricked to show an URL which it is intending to visit for
    a short amount of time instead of the current URL."
      );
      # http://www.kde.org/info/security/advisory-20070914-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20070914-1.txt"
      );
      # https://vuxml.freebsd.org/freebsd/14ad2a28-66d2-11dc-b25f-02e0185f8d72.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?88b38666"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:kdelibs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"kdebase<3.5.7_3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"kdelibs<3.5.7_2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-176.NASL
    descriptionkonqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820) KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. (CVE-2007-4224) Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. (CVE-2007-4225) Updated packages fix these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26008
    published2007-09-07
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26008
    titleMandrake Linux Security Advisory : konqueror (MDKSA-2007:176)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:176. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26008);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225");
      script_bugtraq_id(24912);
      script_xref(name:"MDKSA", value:"2007:176");
    
      script_name(english:"Mandrake Linux Security Advisory : konqueror (MDKSA-2007:176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to
    spoof the data: URI scheme in the address bar via a long URI with
    trailing whitespace, which prevents the beginning of the URI from
    being displayed. (CVE-2007-3820)
    
    KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address
    bar by calling setInterval with a small interval and changing the
    window.location property. (CVE-2007-4224)
    
    Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote
    attackers to spoof the URL address bar via an http URI with a large
    amount of whitespace in the user/password portion. (CVE-2007-4225)
    
    Updated packages fix these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(59);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdeprintfax");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kmenuedit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-konsole");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-nsplugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-progs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-session-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kate-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kmenuedit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-konsole");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kate-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kmenuedit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-konsole");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-common-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-kate-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-kdeprintfax-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-kdm-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-kmenuedit-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-konsole-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-nsplugins-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdebase-progs-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdelibs-common-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdelibs-devel-doc-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-devel-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-kate-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-kate-devel-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-kmenuedit-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdebase4-konsole-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-devel-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-devel-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-kate-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-kate-devel-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-kmenuedit-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdebase4-konsole-3.5.4-35.4mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-devel-3.5.4-19.6mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-common-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-kate-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-kdeprintfax-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-kdm-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-kmenuedit-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-konsole-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-nsplugins-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-progs-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdebase-session-plugins-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdelibs-common-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"kdelibs-devel-doc-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-devel-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-kate-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-kate-devel-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-kmenuedit-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdebase4-konsole-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdecore4-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64kdecore4-devel-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-devel-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-kate-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-kate-devel-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-kmenuedit-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdebase4-konsole-3.5.6-34.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdecore4-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libkdecore4-devel-3.5.6-11.2mdv2007.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1699.NASL
    descriptionThis update primarily addresses problems with URL spoofing and consolekit/session permissions. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27728
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27728
    titleFedora 7 : kdelibs-3.5.7-20.fc7 (2007-1699)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-1699.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27728);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225");
      script_xref(name:"FEDORA", value:"2007-1699");
    
      script_name(english:"Fedora 7 : kdelibs-3.5.7-20.fc7 (2007-1699)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update primarily addresses problems with URL spoofing and
    consolekit/session permissions.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003345.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c76a6e38"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-apidocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"kdelibs-3.5.7-20.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdelibs-apidocs-3.5.7-20.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdelibs-debuginfo-3.5.7-20.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdelibs-devel-3.5.7-20.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-apidocs / kdelibs-debuginfo / kdelibs-devel");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-264-01.NASL
    descriptionNew kdebase packages are available for Slackware 12.0 to fix security issues. A long URL padded with spaces could be used to display a false URL in Konqueror
    last seen2020-06-01
    modified2020-06-02
    plugin id26113
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26113
    titleSlackware 12.0 : kdebase, kdelibs (SSA:2007-264-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2007-264-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26113);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:21");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225", "CVE-2007-4569");
      script_xref(name:"SSA", value:"2007-264-01");
    
      script_name(english:"Slackware 12.0 : kdebase, kdelibs (SSA:2007-264-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New kdebase packages are available for Slackware 12.0 to fix security
    issues. A long URL padded with spaces could be used to display a false
    URL in Konqueror's addressbar, and KDM when used with no-password
    login could be tricked into logging a different user in without a
    password. This is not the way KDM is configured in Slackware by
    default, somewhat mitigating the impact of this issue."
      );
      # http://www.kde.org/info/security/advisory-20070919-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20070919-1.txt"
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.455499
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4208d761"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kdebase and / or kdelibs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"12.0", pkgname:"kdebase", pkgver:"3.5.7", pkgarch:"i486", pkgnum:"3_slack12.0")) flag++;
    if (slackware_check(osver:"12.0", pkgname:"kdelibs", pkgver:"3.5.7", pkgarch:"i486", pkgnum:"3_slack12.0")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1700.NASL
    descriptionThis update primarily addresses security issues around URL spoofing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27729
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27729
    titleFedora 7 : kdebase-3.5.7-13.fc7 (2007-1700)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-1700.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27729);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-3820", "CVE-2007-4224", "CVE-2007-4225");
      script_xref(name:"FEDORA", value:"2007-1700");
    
      script_name(english:"Fedora 7 : kdebase-3.5.7-13.fc7 (2007-1700)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update primarily addresses security issues around URL spoofing.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003346.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?438842df"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(59);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdebase-extras");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"kdebase-3.5.7-13.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-debuginfo-3.5.7-13.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-devel-3.5.7-13.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"kdebase-extras-3.5.7-13.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase / kdebase-debuginfo / kdebase-devel / kdebase-extras");
    }
    

Statements

contributorJoshua Bressers
lastmodified2007-08-09
organizationRed Hat
statementNot vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.