Vulnerabilities > CVE-2019-3820 - Improper Authentication vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

low complexity

nessus

NVD

Published: 2019-02-06

Updated: 2021-09-29

Summary

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Gnome Shell 3.31.2 Gnome Gnome Shell 3.31.4 Gnome Gnome Shell 3.15.91 Gnome Gnome Shell 3.15.92 Gnome Gnome Shell 3.16.0 Gnome Gnome Shell 3.16.1 Gnome Gnome Shell 3.16.2 Gnome Gnome Shell 3.16.3 Gnome Gnome Shell 3.16.4 Gnome Gnome Shell 3.17.1 Gnome Gnome Shell 3.17.2 Gnome Gnome Shell 3.17.3 Gnome Gnome Shell 3.17.4 Gnome Gnome Shell 3.17.90 Gnome Gnome Shell 3.17.91 Gnome Gnome Shell 3.17.92 Gnome Gnome Shell 3.18.0 Gnome Gnome Shell 3.18.1 Gnome Gnome Shell 3.18.2 Gnome Gnome Shell 3.18.3 Gnome Gnome Shell 3.18.4 Gnome Gnome Shell 3.18.5 Gnome Gnome Shell 3.19.1 Gnome Gnome Shell 3.19.2 Gnome Gnome Shell 3.19.3 Gnome Gnome Shell 3.19.4 Gnome Gnome Shell 3.19.90 Gnome Gnome Shell 3.19.91 Gnome Gnome Shell 3.19.92 Gnome Gnome Shell 3.20.0 Gnome Gnome Shell 3.20.1 Gnome Gnome Shell 3.20.2 Gnome Gnome Shell 3.20.3 Gnome Gnome Shell 3.20.4 Gnome Gnome Shell 3.21.1 Gnome Gnome Shell 3.21.2 Gnome Gnome Shell 3.21.3 Gnome Gnome Shell 3.21.4 Gnome Gnome Shell 3.21.90 Gnome Gnome Shell 3.21.90.1 Gnome Gnome Shell 3.21.91 Gnome Gnome Shell 3.21.92 Gnome Gnome Shell 3.22.0 Gnome Gnome Shell 3.22.1 Gnome Gnome Shell 3.22.2 Gnome Gnome Shell 3.22.3 Gnome Gnome Shell 3.23.1 Gnome Gnome Shell 3.23.2 Gnome Gnome Shell 3.23.3 Gnome Gnome Shell 3.23.90 Gnome Gnome Shell 3.23.91 Gnome Gnome Shell 3.23.92 Gnome Gnome Shell 3.24.0 Gnome Gnome Shell 3.24.1 Gnome Gnome Shell 3.24.2 Gnome Gnome Shell 3.24.3 Gnome Gnome Shell 3.25.1 Gnome Gnome Shell 3.25.2 Gnome Gnome Shell 3.25.3 Gnome Gnome Shell 3.25.4 Gnome Gnome Shell 3.25.90 Gnome Gnome Shell 3.25.91 Gnome Gnome Shell 3.26.0 Gnome Gnome Shell 3.26.1 Gnome Gnome Shell 3.26.2 Gnome Gnome Shell 3.27.1 Gnome Gnome Shell 3.27.91 Gnome Gnome Shell 3.27.92 Gnome Gnome Shell 3.28.0 Gnome Gnome Shell 3.28.1 Gnome Gnome Shell 3.28.2 Gnome Gnome Shell 3.28.3 Gnome Gnome Shell 3.28.4 Gnome Gnome Shell 3.29.1 Gnome Gnome Shell 3.29.2 Gnome Gnome Shell 3.29.3 Gnome Gnome Shell 3.29.4 Gnome Gnome Shell 3.29.90 Gnome Gnome Shell 3.29.91 Gnome Gnome Shell 3.29.92 Gnome Gnome Shell 3.30.0 Gnome Gnome Shell 3.30.1 Gnome Gnome Shell 3.30.2	83
OS	Opensuse Opensuse Leap 42.3 Opensuse Leap 15.0 Opensuse Leap 15.1	3
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10	2

Common Weakness Enumeration (CWE)

CWE-287 - Improper Authentication

Common Attack Pattern Enumeration and Classification (CAPEC)

Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
Exploiting Trust in Client (aka Make the Client Invisible)
An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
Utilizing REST's Trust in the System Resource to Register Man in the Middle
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
Man in the Middle Attack
This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1459-1.NASL
description	This update for gnome-shell fixes the following issues : Security issue fixed : CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125849
published	2019-06-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125849
title	SUSE SLED15 / SLES15 Security Update : gnome-shell (SUSE-SU-2019:1459-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1459-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125849); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-3820"); script_name(english:"SUSE SLED15 / SLES15 Security Update : gnome-shell (SUSE-SU-2019:1459-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for gnome-shell fixes the following issues : Security issue fixed : CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1124493" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3820/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191459-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c45430d2" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1459=1 SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch SUSE-SLE-Product-WE-15-2019-1459=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1459=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1459=1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1459=1 SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1459=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell-browser-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell-browser-plugin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnome-shell-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15\|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-browser-plugin-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-browser-plugin-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-debuginfo-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-debugsource-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"gnome-shell-devel-3.26.2+20180130.0d9c74212-4.19.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-shell"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200407_GNOME_ON_SL7_X.NASL
description	* gnome-shell: partial lock screen bypass
last seen	2020-04-30
modified	2020-04-21
plugin id	135796
published	2020-04-21
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135796
title	Scientific Linux Security Update : GNOME on SL7.x x86_64 (20200407)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(135796); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24"); script_cve_id("CVE-2019-3820"); script_name(english:"Scientific Linux Security Update : GNOME on SL7.x x86_64 (20200407)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value:"* gnome-shell: partial lock screen bypass" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=9130 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1df466fb" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:LibRaw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:LibRaw-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:LibRaw-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:LibRaw-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:accountsservice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:accountsservice-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:accountsservice-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:accountsservice-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord-extra-profiles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:colord-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:control-center"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:control-center-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:control-center-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-pam-extensions-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-classic-session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-online-accounts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-online-accounts-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-online-accounts-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-settings-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-settings-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-settings-daemon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-alternate-tab"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-apps-menu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-auto-move-windows"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-dash-to-dock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-disable-screenshield"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-drive-menu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-extra-osk-keys"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-horizontal-workspaces"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-launch-new-instance"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-native-window-placement"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-no-hot-corner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-panel-favorites"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-places-menu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-screenshot-window-sizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-systemMonitor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-top-icons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-updates-dialog"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-user-theme"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-window-grouper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-window-list"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-windowsNavigator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-shell-extension-workspace-indicator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gnome-tweak-tool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gsettings-desktop-schemas"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gsettings-desktop-schemas-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk-update-icon-cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-immodule-xim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-immodules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gtk3-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcanberra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcanberra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcanberra-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcanberra-gtk2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcanberra-gtk3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libgweather"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libgweather-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libgweather-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mutter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mutter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mutter-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nautilus-extensions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:osinfo-db"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:shared-mime-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:shared-mime-info-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker-needle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tracker-preferences"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xchat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xchat-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xchat-tcl"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"LibRaw-0.19.4-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"LibRaw-debuginfo-0.19.4-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"LibRaw-devel-0.19.4-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"LibRaw-static-0.19.4-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"accountsservice-0.6.50-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"accountsservice-debuginfo-0.6.50-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"accountsservice-devel-0.6.50-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"accountsservice-libs-0.6.50-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"colord-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"colord-debuginfo-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"colord-devel-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", reference:"colord-devel-docs-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", reference:"colord-extra-profiles-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"colord-libs-1.3.4-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"control-center-3.28.1-6.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"control-center-debuginfo-3.28.1-6.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"control-center-filesystem-3.28.1-6.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-3.28.2-22.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-debuginfo-3.28.2-22.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-devel-3.28.2-22.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-pam-extensions-devel-3.28.2-22.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-classic-session-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-classic-session-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-online-accounts-3.28.2-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-online-accounts-debuginfo-3.28.2-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-online-accounts-devel-3.28.2-1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-settings-daemon-3.28.1-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-settings-daemon-debuginfo-3.28.1-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-settings-daemon-devel-3.28.1-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-3.28.3-24.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-debuginfo-3.28.3-24.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-alternate-tab-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-alternate-tab-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-apps-menu-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-apps-menu-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-auto-move-windows-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-common-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-common-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-dash-to-dock-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-disable-screenshield-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-drive-menu-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-extra-osk-keys-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-horizontal-workspaces-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-horizontal-workspaces-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-launch-new-instance-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-launch-new-instance-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-native-window-placement-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-no-hot-corner-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-panel-favorites-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-places-menu-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-places-menu-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-screenshot-window-sizer-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-systemMonitor-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-top-icons-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-top-icons-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-updates-dialog-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-user-theme-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-user-theme-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-window-grouper-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-window-list-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-shell-extension-window-list-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-windowsNavigator-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-shell-extension-workspace-indicator-3.28.1-11.el7")) flag++; if (rpm_check(release:"SL7", reference:"gnome-tweak-tool-3.28.1-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gnome-tweak-tool-3.28.1-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gsettings-desktop-schemas-3.28.0-3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gsettings-desktop-schemas-devel-3.28.0-3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk-update-icon-cache-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-debuginfo-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-devel-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-devel-docs-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-immodule-xim-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-immodules-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gtk3-tests-3.22.30-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libcanberra-0.30-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libcanberra-debuginfo-0.30-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libcanberra-devel-0.30-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libcanberra-gtk2-0.30-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libcanberra-gtk3-0.30-9.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libgweather-3.28.2-3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libgweather-debuginfo-3.28.2-3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libgweather-devel-3.28.2-3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mutter-3.28.3-20.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mutter-debuginfo-3.28.3-20.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mutter-devel-3.28.3-20.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-3.26.3.1-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-debuginfo-3.26.3.1-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-devel-3.26.3.1-7.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nautilus-extensions-3.26.3.1-7.el7")) flag++; if (rpm_check(release:"SL7", reference:"osinfo-db-20190805-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"osinfo-db-20190805-2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"shared-mime-info-1.8-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"shared-mime-info-debuginfo-1.8-5.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tracker-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tracker-debuginfo-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tracker-devel-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", reference:"tracker-docs-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tracker-needle-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tracker-preferences-1.10.5-8.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xchat-2.8.8-25.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xchat-debuginfo-2.8.8-25.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xchat-tcl-2.8.8-25.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LibRaw / LibRaw-debuginfo / LibRaw-devel / LibRaw-static / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3966-1.NASL
description	It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124677
published	2019-05-07
reporter	Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124677
title	Ubuntu 18.04 LTS / 18.10 : gnome-shell vulnerability (USN-3966-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3966-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(124677); script_version("1.3"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2019-3820"); script_xref(name:"USN", value:"3966-1"); script_name(english:"Ubuntu 18.04 LTS / 18.10 : gnome-shell vulnerability (USN-3966-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3966-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-shell package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnome-shell"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04\|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 18.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"gnome-shell", pkgver:"3.28.3+git20190124-0ubuntu18.04.2")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"gnome-shell", pkgver:"3.30.2-0ubuntu1.18.10.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-shell"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1529.NASL
description	This update for gnome-shell fixes the following issues : Security issue fixed : - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs : - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125796
published	2019-06-10
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125796
title	openSUSE Security Update : gnome-shell (openSUSE-2019-1529)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1529. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125796); script_version("1.2"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-3820"); script_name(english:"openSUSE Security Update : gnome-shell (openSUSE-2019-1529)"); script_summary(english:"Check for the openSUSE-2019-1529 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gnome-shell fixes the following issues : Security issue fixed : - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs : - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124493" ); script_set_attribute( attribute:"solution", value:"Update the affected gnome-shell packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-browser-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-browser-plugin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnome-shell-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-browser-plugin-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-browser-plugin-debuginfo-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-calendar-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-calendar-debuginfo-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-debuginfo-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-debugsource-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-devel-3.20.4-22.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"gnome-shell-lang-3.20.4-22.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-shell / gnome-shell-browser-plugin / etc"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1582.NASL
description	This update for gnome-shell fixes the following issues : Security issue fixed : - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	126042
published	2019-06-19
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126042
title	openSUSE Security Update : gnome-shell (openSUSE-2019-1582)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-1021.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1021 advisory. - gnome-shell: partial lock screen bypass (CVE-2019-3820) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-04-10
plugin id	135318
published	2020-04-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135318
title	CentOS 7 : LibRaw / accountsservice / colord / control-center / gdm / gnome-online-accounts / etc (CESA-2020:1021)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1021.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1021 advisory. - gnome-shell: partial lock screen bypass (CVE-2019-3820) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-03-31
plugin id	135044
published	2020-03-31
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135044
title	RHEL 7 : GNOME (RHSA-2020:1021)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1390-1.NASL
description	This update for gnome-shell fixes the following issues : Security issue fixed : CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125674
published	2019-06-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125674
title	SUSE SLED12 / SLES12 Security Update : gnome-shell (SUSE-SU-2019:1390-1)

Redhat

advisories

bugzilla

id	1789491
title	Extensions panel is empty

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment gtk3-immodule-xim is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021001
comment gtk3-immodule-xim is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116106

AND
comment gtk3-devel is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021003
comment gtk3-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116104
AND
comment gtk3 is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021005
comment gtk3 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116108

AND

comment gtk-update-icon-cache is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021007
comment gtk-update-icon-cache is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140772

AND
comment gtk3-tests is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021009
comment gtk3-tests is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140766
AND
comment gtk3-immodules is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021011
comment gtk3-immodules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116112

AND

comment gtk3-devel-docs is earlier than 0:3.22.30-5.el7
oval oval:com.redhat.rhsa:tst:20201021013
comment gtk3-devel-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116110

AND
comment tracker is earlier than 0:1.10.5-8.el7
oval oval:com.redhat.rhsa:tst:20201021015
comment tracker is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021016
AND
comment tracker-docs is earlier than 0:1.10.5-8.el7
oval oval:com.redhat.rhsa:tst:20201021017
comment tracker-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021018

AND

comment tracker-preferences is earlier than 0:1.10.5-8.el7
oval oval:com.redhat.rhsa:tst:20201021019
comment tracker-preferences is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021020

AND
comment tracker-needle is earlier than 0:1.10.5-8.el7
oval oval:com.redhat.rhsa:tst:20201021021
comment tracker-needle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021022
AND
comment tracker-devel is earlier than 0:1.10.5-8.el7
oval oval:com.redhat.rhsa:tst:20201021023
comment tracker-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021024

AND

comment control-center-filesystem is earlier than 1:3.28.1-6.el7
oval oval:com.redhat.rhsa:tst:20201021025
comment control-center-filesystem is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131540004

AND
comment control-center is earlier than 1:3.28.1-6.el7
oval oval:com.redhat.rhsa:tst:20201021027
comment control-center is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131540008

AND

comment gnome-online-accounts-devel is earlier than 0:3.28.2-1.el7
oval oval:com.redhat.rhsa:tst:20201021029
comment gnome-online-accounts-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140212

AND

comment gnome-online-accounts is earlier than 0:3.28.2-1.el7
oval oval:com.redhat.rhsa:tst:20201021031
comment gnome-online-accounts is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140214

AND
comment LibRaw is earlier than 0:0.19.4-1.el7
oval oval:com.redhat.rhsa:tst:20201021033
comment LibRaw is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044004
AND
comment LibRaw-static is earlier than 0:0.19.4-1.el7
oval oval:com.redhat.rhsa:tst:20201021035
comment LibRaw-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044008
AND
comment LibRaw-devel is earlier than 0:0.19.4-1.el7
oval oval:com.redhat.rhsa:tst:20201021037
comment LibRaw-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044006
AND
comment xchat-tcl is earlier than 1:2.8.8-25.el7
oval oval:com.redhat.rhsa:tst:20201021039
comment xchat-tcl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044054
AND
comment xchat is earlier than 1:2.8.8-25.el7
oval oval:com.redhat.rhsa:tst:20201021041
comment xchat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044056

AND

comment nautilus-extensions is earlier than 0:3.26.3.1-7.el7
oval oval:com.redhat.rhsa:tst:20201021043
comment nautilus-extensions is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044112

AND
comment nautilus is earlier than 0:3.26.3.1-7.el7
oval oval:com.redhat.rhsa:tst:20201021045
comment nautilus is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044110
AND
comment nautilus-devel is earlier than 0:3.26.3.1-7.el7
oval oval:com.redhat.rhsa:tst:20201021047
comment nautilus-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044114

AND

comment gsettings-desktop-schemas-devel is earlier than 0:3.28.0-3.el7
oval oval:com.redhat.rhsa:tst:20201021049
comment gsettings-desktop-schemas-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140754

AND

comment gsettings-desktop-schemas is earlier than 0:3.28.0-3.el7
oval oval:com.redhat.rhsa:tst:20201021051
comment gsettings-desktop-schemas is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140756

AND
comment shared-mime-info is earlier than 0:1.8-5.el7
oval oval:com.redhat.rhsa:tst:20201021053
comment shared-mime-info is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152116062
AND
comment colord-libs is earlier than 0:1.3.4-2.el7
oval oval:com.redhat.rhsa:tst:20201021055
comment colord-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021056
AND
comment colord is earlier than 0:1.3.4-2.el7
oval oval:com.redhat.rhsa:tst:20201021057
comment colord is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021058

AND

comment colord-extra-profiles is earlier than 0:1.3.4-2.el7
oval oval:com.redhat.rhsa:tst:20201021059
comment colord-extra-profiles is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021060

AND

comment colord-devel-docs is earlier than 0:1.3.4-2.el7
oval oval:com.redhat.rhsa:tst:20201021061
comment colord-devel-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021062

AND
comment colord-devel is earlier than 0:1.3.4-2.el7
oval oval:com.redhat.rhsa:tst:20201021063
comment colord-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021064

AND

comment libgweather-devel is earlier than 0:3.28.2-3.el7
oval oval:com.redhat.rhsa:tst:20201021065
comment libgweather-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140644

AND
comment libgweather is earlier than 0:3.28.2-3.el7
oval oval:com.redhat.rhsa:tst:20201021067
comment libgweather is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140646
AND
comment meson is earlier than 0:0.45.1-4.el7
oval oval:com.redhat.rhsa:tst:20201021069
comment meson is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140696

AND

comment gnome-settings-daemon is earlier than 0:3.28.1-8.el7
oval oval:com.redhat.rhsa:tst:20201021071
comment gnome-settings-daemon is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044126

AND

comment gnome-settings-daemon-devel is earlier than 0:3.28.1-8.el7
oval oval:com.redhat.rhsa:tst:20201021073
comment gnome-settings-daemon-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044128

AND
comment osinfo-db is earlier than 0:20190805-2.el7
oval oval:com.redhat.rhsa:tst:20201021075
comment osinfo-db is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140434
AND
comment libcanberra-gtk3 is earlier than 0:0.30-9.el7
oval oval:com.redhat.rhsa:tst:20201021077
comment libcanberra-gtk3 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021078
AND
comment libcanberra-gtk2 is earlier than 0:0.30-9.el7
oval oval:com.redhat.rhsa:tst:20201021079
comment libcanberra-gtk2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021080

AND

comment libcanberra-devel is earlier than 0:0.30-9.el7
oval oval:com.redhat.rhsa:tst:20201021081
comment libcanberra-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021082

AND
comment libcanberra is earlier than 0:0.30-9.el7
oval oval:com.redhat.rhsa:tst:20201021083
comment libcanberra is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021084

AND

comment accountsservice-libs is earlier than 0:0.6.50-7.el7
oval oval:com.redhat.rhsa:tst:20201021085
comment accountsservice-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044116

AND
comment accountsservice is earlier than 0:0.6.50-7.el7
oval oval:com.redhat.rhsa:tst:20201021087
comment accountsservice is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044118

AND

comment accountsservice-devel is earlier than 0:0.6.50-7.el7
oval oval:com.redhat.rhsa:tst:20201021089
comment accountsservice-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044120

AND
comment gdm is earlier than 1:3.28.2-22.el7
oval oval:com.redhat.rhsa:tst:20201021091
comment gdm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20110395006

AND

comment gdm-pam-extensions-devel is earlier than 1:3.28.2-22.el7
oval oval:com.redhat.rhsa:tst:20201021093
comment gdm-pam-extensions-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140836

AND
comment gdm-devel is earlier than 1:3.28.2-22.el7
oval oval:com.redhat.rhsa:tst:20201021095
comment gdm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172128008
AND
comment mutter is earlier than 0:3.28.3-20.el7
oval oval:com.redhat.rhsa:tst:20201021097
comment mutter is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044106
AND
comment mutter-devel is earlier than 0:3.28.3-20.el7
oval oval:com.redhat.rhsa:tst:20201021099
comment mutter-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044108
AND
comment gnome-shell is earlier than 0:3.28.3-24.el7
oval oval:com.redhat.rhsa:tst:20201021101
comment gnome-shell is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044170

AND

comment gnome-shell-extension-window-list is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021103
comment gnome-shell-extension-window-list is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044134

AND

comment gnome-shell-extension-user-theme is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021105
comment gnome-shell-extension-user-theme is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044136

AND

comment gnome-shell-extension-top-icons is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021107
comment gnome-shell-extension-top-icons is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044144

AND

comment gnome-shell-extension-places-menu is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021109
comment gnome-shell-extension-places-menu is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044140

AND

comment gnome-shell-extension-launch-new-instance is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021111
comment gnome-shell-extension-launch-new-instance is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044142

AND

comment gnome-shell-extension-horizontal-workspaces is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021113
comment gnome-shell-extension-horizontal-workspaces is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193553116

AND

comment gnome-shell-extension-common is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021115
comment gnome-shell-extension-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044138

AND

comment gnome-shell-extension-apps-menu is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021117
comment gnome-shell-extension-apps-menu is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044132

AND

comment gnome-shell-extension-alternate-tab is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021119
comment gnome-shell-extension-alternate-tab is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044130

AND

comment gnome-classic-session is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021121
comment gnome-classic-session is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044146

AND

comment gnome-shell-extension-workspace-indicator is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021123
comment gnome-shell-extension-workspace-indicator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044158

AND

comment gnome-shell-extension-windowsNavigator is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021125
comment gnome-shell-extension-windowsNavigator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044166

AND

comment gnome-shell-extension-window-grouper is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021127
comment gnome-shell-extension-window-grouper is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193553134

AND

comment gnome-shell-extension-updates-dialog is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021129
comment gnome-shell-extension-updates-dialog is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044160

AND

comment gnome-shell-extension-systemMonitor is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021131
comment gnome-shell-extension-systemMonitor is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044164

AND

comment gnome-shell-extension-screenshot-window-sizer is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021133
comment gnome-shell-extension-screenshot-window-sizer is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044168

AND

comment gnome-shell-extension-panel-favorites is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021135
comment gnome-shell-extension-panel-favorites is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044152

AND

comment gnome-shell-extension-no-hot-corner is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021137
comment gnome-shell-extension-no-hot-corner is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044154

AND

comment gnome-shell-extension-native-window-placement is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021139
comment gnome-shell-extension-native-window-placement is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044156

AND

comment gnome-shell-extension-extra-osk-keys is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021141
comment gnome-shell-extension-extra-osk-keys is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201021142

AND

comment gnome-shell-extension-drive-menu is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021143
comment gnome-shell-extension-drive-menu is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044150

AND

comment gnome-shell-extension-disable-screenshield is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021145
comment gnome-shell-extension-disable-screenshield is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193553138

AND

comment gnome-shell-extension-dash-to-dock is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021147
comment gnome-shell-extension-dash-to-dock is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044162

AND

comment gnome-shell-extension-auto-move-windows is earlier than 0:3.28.1-11.el7
oval oval:com.redhat.rhsa:tst:20201021149
comment gnome-shell-extension-auto-move-windows is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20192044148

AND

comment gnome-tweak-tool is earlier than 0:3.28.1-7.el7
oval oval:com.redhat.rhsa:tst:20201021151
comment gnome-tweak-tool is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183140512

rhsa

id	RHSA-2020:1021
released	2020-03-31
severity	Moderate
title	RHSA-2020:1021: GNOME security, bug fix, and enhancement update (Moderate)

rpms

LibRaw-0:0.19.4-1.el7
LibRaw-debuginfo-0:0.19.4-1.el7
LibRaw-devel-0:0.19.4-1.el7
LibRaw-static-0:0.19.4-1.el7
accountsservice-0:0.6.50-7.el7
accountsservice-debuginfo-0:0.6.50-7.el7
accountsservice-devel-0:0.6.50-7.el7
accountsservice-libs-0:0.6.50-7.el7
colord-0:1.3.4-2.el7
colord-debuginfo-0:1.3.4-2.el7
colord-devel-0:1.3.4-2.el7
colord-devel-docs-0:1.3.4-2.el7
colord-extra-profiles-0:1.3.4-2.el7
colord-libs-0:1.3.4-2.el7
control-center-1:3.28.1-6.el7
control-center-debuginfo-1:3.28.1-6.el7
control-center-filesystem-1:3.28.1-6.el7
gdm-1:3.28.2-22.el7
gdm-debuginfo-1:3.28.2-22.el7
gdm-devel-1:3.28.2-22.el7
gdm-pam-extensions-devel-1:3.28.2-22.el7
gnome-classic-session-0:3.28.1-11.el7
gnome-online-accounts-0:3.28.2-1.el7
gnome-online-accounts-debuginfo-0:3.28.2-1.el7
gnome-online-accounts-devel-0:3.28.2-1.el7
gnome-settings-daemon-0:3.28.1-8.el7
gnome-settings-daemon-debuginfo-0:3.28.1-8.el7
gnome-settings-daemon-devel-0:3.28.1-8.el7
gnome-shell-0:3.28.3-24.el7
gnome-shell-debuginfo-0:3.28.3-24.el7
gnome-shell-extension-alternate-tab-0:3.28.1-11.el7
gnome-shell-extension-apps-menu-0:3.28.1-11.el7
gnome-shell-extension-auto-move-windows-0:3.28.1-11.el7
gnome-shell-extension-common-0:3.28.1-11.el7
gnome-shell-extension-dash-to-dock-0:3.28.1-11.el7
gnome-shell-extension-disable-screenshield-0:3.28.1-11.el7
gnome-shell-extension-drive-menu-0:3.28.1-11.el7
gnome-shell-extension-extra-osk-keys-0:3.28.1-11.el7
gnome-shell-extension-horizontal-workspaces-0:3.28.1-11.el7
gnome-shell-extension-launch-new-instance-0:3.28.1-11.el7
gnome-shell-extension-native-window-placement-0:3.28.1-11.el7
gnome-shell-extension-no-hot-corner-0:3.28.1-11.el7
gnome-shell-extension-panel-favorites-0:3.28.1-11.el7
gnome-shell-extension-places-menu-0:3.28.1-11.el7
gnome-shell-extension-screenshot-window-sizer-0:3.28.1-11.el7
gnome-shell-extension-systemMonitor-0:3.28.1-11.el7
gnome-shell-extension-top-icons-0:3.28.1-11.el7
gnome-shell-extension-updates-dialog-0:3.28.1-11.el7
gnome-shell-extension-user-theme-0:3.28.1-11.el7
gnome-shell-extension-window-grouper-0:3.28.1-11.el7
gnome-shell-extension-window-list-0:3.28.1-11.el7
gnome-shell-extension-windowsNavigator-0:3.28.1-11.el7
gnome-shell-extension-workspace-indicator-0:3.28.1-11.el7
gnome-tweak-tool-0:3.28.1-7.el7
gsettings-desktop-schemas-0:3.28.0-3.el7
gsettings-desktop-schemas-devel-0:3.28.0-3.el7
gtk-update-icon-cache-0:3.22.30-5.el7
gtk3-0:3.22.30-5.el7
gtk3-debuginfo-0:3.22.30-5.el7
gtk3-devel-0:3.22.30-5.el7
gtk3-devel-docs-0:3.22.30-5.el7
gtk3-immodule-xim-0:3.22.30-5.el7
gtk3-immodules-0:3.22.30-5.el7
gtk3-tests-0:3.22.30-5.el7
libcanberra-0:0.30-9.el7
libcanberra-debuginfo-0:0.30-9.el7
libcanberra-devel-0:0.30-9.el7
libcanberra-gtk2-0:0.30-9.el7
libcanberra-gtk3-0:0.30-9.el7
libgweather-0:3.28.2-3.el7
libgweather-debuginfo-0:3.28.2-3.el7
libgweather-devel-0:3.28.2-3.el7
meson-0:0.45.1-4.el7
mutter-0:3.28.3-20.el7
mutter-debuginfo-0:3.28.3-20.el7
mutter-devel-0:3.28.3-20.el7
nautilus-0:3.26.3.1-7.el7
nautilus-debuginfo-0:3.26.3.1-7.el7
nautilus-devel-0:3.26.3.1-7.el7
nautilus-extensions-0:3.26.3.1-7.el7
osinfo-db-0:20190805-2.el7
shared-mime-info-0:1.8-5.el7
shared-mime-info-debuginfo-0:1.8-5.el7
tracker-0:1.10.5-8.el7
tracker-debuginfo-0:1.10.5-8.el7
tracker-devel-0:1.10.5-8.el7
tracker-docs-0:1.10.5-8.el7
tracker-needle-0:1.10.5-8.el7
tracker-preferences-0:1.10.5-8.el7
xchat-1:2.8.8-25.el7
xchat-debuginfo-1:2.8.8-25.el7
xchat-tcl-1:2.8.8-25.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References