This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200412-16
(kdelibs, kdebase: Multiple vulnerabilities)
Daniel Fabian discovered that the KDE core libraries contain a
flaw allowing password disclosure by making a link to a remote file.
When creating this link, the resulting URL contains authentication
credentials used to access the remote file (CAN 2004-1171).
The Konqueror webbrowser allows websites to load webpages into a window
or tab currently used by another website (CAN-2004-1158).
A malicious user could have access to the authentication
credentials of other users depending on the file permissions.
A malicious website could use the window injection vulnerability to
load content in a window apparently belonging to another website.
There is no known workaround at this time.
See also :
All kdelibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kdelibs-3.2.3-r4'
All kdebase users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kdebase-3.2.3-r3'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 16003 (gentoo_GLSA-200412-16.nasl)
CVE ID: CVE-2004-1158CVE-2004-1171
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.