Detections
Analytics
openSUSE Security Update : sddm (openSUSE-2018-862)
high Nessus Plugin ID 111670
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for sddm fixes the following issues :The following security vulnerability was addressed :
- CVE-2018-14345: Fixed the authentication, which did not check the password for users with an already existing session and allowed any user with access to the system bus to unlock any graphical session. (boo#1101450)
The following other bugs were addressed :
- Fallback to embedded theme, if none is set
- Corrected section name for Wayland
- Removed patch, which is no longer needed, because bug in libxcb was fixed in the meanwhile (boo#1099908)
Solution
Update the affected sddm packages.See Also
Plugin Details
Severity: High
ID: 111670
File Name: openSUSE-2018-862.nasl
Version: 1.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 8/14/2018
Updated: 8/22/2024
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2018-14345
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:sddm-branding-upstream, cpe:/o:novell:opensuse:15.0, p-cpe:/a:novell:opensuse:sddm-debugsource, p-cpe:/a:novell:opensuse:sddm-branding-opensuse, p-cpe:/a:novell:opensuse:sddm-debuginfo, p-cpe:/a:novell:opensuse:sddm
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 8/13/2018
Reference Information
CVE: CVE-2018-14345