Lucene search

[email protected]CVE-2005-0754

HistoryApr 24, 2005 - 4:00 a.m.

CVE-2005-0754

2005-04-2404:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0754

kommander

kde

remote code execution

data files

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Affected configurations

NVD

Node

kdequantaMatch3.1

conectivalinuxMatch9.0

conectivalinuxMatch10.0

Node

gentoolinux

kdekdeMatch3.2

kdekdeMatch3.2.1

kdekdeMatch3.2.2

kdekdeMatch3.2.3

kdekdeMatch3.3

kdekdeMatch3.3.1

kdekdeMatch3.3.2

kdekdeMatch3.4

redhatfedora_coreMatchcore_3.0

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

ubuntuubuntu_linuxMatch5.04amd64

ubuntuubuntu_linuxMatch5.04i386

ubuntuubuntu_linuxMatch5.04powerpc

CPENameOperatorVersion
kde:quantakde quantaeq3.1
conectiva:linuxconectiva linuxeq9.0
conectiva:linuxconectiva linuxeq10.0

CPE	Name	Operator	Version
kde:quanta	kde quanta	eq	3.1
conectiva:linux	conectiva linux	eq	9.0
conectiva:linux	conectiva linux	eq	10.0

References

ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff

marc.info/?l=bugtraq&m=111419664411051&w=2

secunia.com/advisories/15060

www.kde.org/info/security/advisory-20050420-1.txt

www.securityfocus.com/bid/13313

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2005-0754

nessus4 ubuntu1 openvas5 cvelist1 freebsd1 gentoo1 ubuntucve1 debiancve1 nvd1