Vulnerabilities > CVE-2013-4132 - Cryptographic Issues vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

kde

opensuse

CWE-310

nessus

NVD

Published: 2013-09-16

Updated: 2018-10-30

Summary

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.

Vulnerable Configurations

Part	Description	Count
Application	Kde KDE KDE Workspace 4.2.0 KDE KDE Workspace 4.10.5 KDE KDE SC 2.2.0 KDE KDE SC 3.5.10 KDE KDE SC 4.0.0 KDE KDE SC 4.0.1 KDE KDE SC 4.0.2 KDE KDE SC 4.0.3 KDE KDE SC 4.0.4 KDE KDE SC 4.0.5 KDE KDE SC 4.1.0 KDE KDE SC 4.1.1 KDE KDE SC 4.1.2 KDE KDE SC 4.1.3 KDE KDE SC 4.1.4 KDE KDE SC 4.1.80 KDE KDE SC 4.1.85 KDE KDE SC 4.1.96 KDE KDE SC 4.2 KDE KDE SC 4.2.0 KDE KDE SC 4.2.1 KDE KDE SC 4.2.2 KDE KDE SC 4.2.3 KDE KDE SC 4.2.4 KDE KDE SC 4.3.0 KDE KDE SC 4.3.1 KDE KDE SC 4.3.2 KDE KDE SC 4.3.3 KDE KDE SC 4.3.4 KDE KDE SC 4.3.5 KDE KDE SC 4.4.0 KDE KDE SC 4.4.1 KDE KDE SC 4.4.2 KDE KDE SC 4.4.3 KDE KDE SC 4.4.4 KDE KDE SC 4.4.5 KDE KDE SC 4.5.0 KDE KDE SC 4.5.1 KDE KDE SC 4.6.0 KDE KDE SC 4.6.1 KDE KDE SC 4.6.2 KDE KDE SC 4.6.3 KDE KDE SC 4.6.4 KDE KDE SC 4.6.5 KDE KDE SC 4.7.0 KDE KDE SC 4.7.1 KDE KDE SC 4.7.2 KDE KDE SC 4.7.3 KDE KDE SC 4.7.4 KDE KDE SC 4.10.5	73
OS	Opensuse Opensuse Opensuse 12.2	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-625.NASL
description	kdebase4-workspace received fixes for : - KDM: a potential crash in crypt() was fixed (bnc#829857, CVE-2013-4132) - Fixes plasma systemtray memory leak with legacy icons (kde#314919, bnc#817932, bnc#829857, CVE-2013-4133)
last seen	2020-06-05
modified	2014-06-13
plugin id	75103
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75103
title	openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1291-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-625. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75103); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4132", "CVE-2013-4133"); script_name(english:"openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1291-1)"); script_summary(english:"Check for the openSUSE-2013-625 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "kdebase4-workspace received fixes for : - KDM: a potential crash in crypt() was fixed (bnc#829857, CVE-2013-4132) - Fixes plasma systemtray memory leak with legacy icons (kde#314919, bnc#817932, bnc#829857, CVE-2013-4133)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817932" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=829857" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kdebase4-workspace packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-engine-akonadi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-engine-akonadi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-kdebase4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"kde4-kgreeter-plugins-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kde4-kgreeter-plugins-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-branding-upstream-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-debugsource-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-devel-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-devel-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-ksysguardd-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-ksysguardd-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-liboxygenstyle-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-liboxygenstyle-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-plasma-calendar-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-plasma-calendar-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-plasma-engine-akonadi-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdebase4-workspace-plasma-engine-akonadi-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdm-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdm-branding-upstream-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kdm-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kwin-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"kwin-debuginfo-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"python-kdebase4-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kdebase4-workspace-liboxygenstyle-32bit-4.8.5-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kdebase4-workspace-liboxygenstyle-debuginfo-32bit-4.8.5-2.18.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase4-workspace"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_KDE4-KDM-140630.NASL
description	This kdebase4-workspace update fixes two security issues : - NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) - Memory leak that could lead to a denial of service. (CVE-2013-4133)
last seen	2020-06-05
modified	2014-07-11
plugin id	76473
published	2014-07-11
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76473
title	SuSE 11.3 Security Update : kdebase4-workspace (SAT Patch Number 9467)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(76473); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4132", "CVE-2013-4133"); script_name(english:"SuSE 11.3 Security Update : kdebase4-workspace (SAT Patch Number 9467)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This kdebase4-workspace update fixes two security issues : - NULL pointer dereference in KDM and KCheckPass. (CVE-2013-4132) - Memory leak that could lead to a denial of service. (CVE-2013-4133)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=829857" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4132.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4133.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9467."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kde4-kgreeter-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdebase4-wallpapers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdebase4-workspace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdebase4-workspace-ksysguardd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kwin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kde4-kgreeter-plugins-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kdebase4-wallpapers-4.3.5-0.11.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kdebase4-workspace-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kdebase4-workspace-ksysguardd-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kdm-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kwin-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kde4-kgreeter-plugins-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kdebase4-wallpapers-4.3.5-0.11.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kdebase4-workspace-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kdebase4-workspace-ksysguardd-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kdm-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kwin-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kde4-kgreeter-plugins-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kdebase4-wallpapers-4.3.5-0.11.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kdebase4-workspace-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kdebase4-workspace-ksysguardd-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kdm-4.3.5-0.12.18.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"kwin-4.3.5-0.12.18.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-607.NASL
description	- Added changeset_ra2bab28a.diff from upstream 4.11 branch, fixes kde#321576 - Added kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.pat ch, (bnc#829857, CVE-2013-4132)
last seen	2020-06-05
modified	2014-06-13
plugin id	75097
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75097
title	openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1253-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-607. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75097); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4132"); script_name(english:"openSUSE Security Update : kdebase4-workspace (openSUSE-SU-2013:1253-1)"); script_summary(english:"Check for the openSUSE-2013-607 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Added changeset_ra2bab28a.diff from upstream 4.11 branch, fixes kde#321576 - Added kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.pat ch, (bnc#829857, CVE-2013-4132)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=829857" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kdebase4-workspace packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kde4-kgreeter-plugins-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-ksysguardd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-liboxygenstyle-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-workspace-plasma-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-kdebase4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"kde4-kgreeter-plugins-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kde4-kgreeter-plugins-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-branding-upstream-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-debugsource-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-devel-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-devel-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-ksysguardd-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-ksysguardd-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-liboxygenstyle-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-liboxygenstyle-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-plasma-calendar-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdebase4-workspace-plasma-calendar-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdm-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdm-branding-upstream-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kdm-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kwin-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kwin-debuginfo-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"python-kdebase4-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kdebase4-workspace-liboxygenstyle-32bit-4.10.5-1.111.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kdebase4-workspace-liboxygenstyle-debuginfo-32bit-4.10.5-1.111.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kde4-kgreeter-plugins / kde4-kgreeter-plugins-debuginfo / etc"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References