{"id": "GENTOO_GLSA-200503-14.NASL", "bulletinFamily": "scanner", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-03-08T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200503-14"], "cvelist": ["CVE-2005-0365"], "type": "nessus", "lastseen": "2019-02-21T01:08:26", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "ee99a7029e2d21403a4f7953634fc464722db9223620dea334b3b06b7f94357a", "hashmap": [{"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "42b8497828b52721820aff00116ce709", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "63f7da295d063bd8c87afae1ba4afadb", "key": "cpe"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "98565064ad1a1547093df2670feea6e2", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2018-08-11T09:01:01", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-11T09:01:01"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "f5c87749d8dd89174ee0d081ee14fe3099e3953a031959ea4ee889391696b14f", "hashmap": [{"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "42b8497828b52721820aff00116ce709", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "74076571d98846bb46f260780fd19c85", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2016-09-26T17:23:42", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:41:58 $\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_osvdb_id(13773);\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "00f54fad54cd48ab66ebe239aae25a3e106280588f04338f9af8a1e8f30e841e", "hashmap": [{"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "42b8497828b52721820aff00116ce709", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "74076571d98846bb46f260780fd19c85", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "63f7da295d063bd8c87afae1ba4afadb", "key": "cpe"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2017-10-29T13:35:08", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:41:58 $\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_osvdb_id(13773);\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "ee99a7029e2d21403a4f7953634fc464722db9223620dea334b3b06b7f94357a", "hashmap": [{"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "42b8497828b52721820aff00116ce709", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "63f7da295d063bd8c87afae1ba4afadb", "key": "cpe"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "98565064ad1a1547093df2670feea6e2", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2018-09-01T23:37:05", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:37:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.\n Impact :\n\n A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "346556b8070ff72badc209274800bcb3ad0e95c4de026e7fef3e465b2e126b37", "hashmap": [{"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "42b8497828b52721820aff00116ce709", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "63f7da295d063bd8c87afae1ba4afadb", "key": "cpe"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "98565064ad1a1547093df2670feea6e2", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2018-08-30T19:33:53", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:33:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "cvelist": ["CVE-2005-0365"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:05:59", "references": [{"idList": ["GLSA-200503-14"], "type": "gentoo"}, {"idList": ["MANDRAKE_MDKSA-2005-045.NASL", "REDHAT-RHSA-2005-325.NASL", "FREEBSD_PKG_29DD006581FA11D9A9E70001020EED82.NASL", "MANDRAKE_MDKSA-2005-058.NASL", "FEDORA_2005-245.NASL"], "type": "nessus"}, {"idList": ["CVE-2005-0365"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:8083"], "type": "securityvulns"}, {"idList": ["RHSA-2005:325"], "type": "redhat"}, {"idList": ["OPENVAS:54879", "OPENVAS:52180"], "type": "openvas"}, {"idList": ["OSVDB:13773"], "type": "osvdb"}, {"idList": ["29DD0065-81FA-11D9-A9E7-0001020EED82"], "type": "freebsd"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "1f2161f9613fce0b4f5553b8d21e59a745a3feeb3c7c3c2d5f7db01d89c6564b", "hashmap": [{"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "76e9ff11843a714b5899cf6ef1d344ca", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4658c70dd8ca306b36e70dcfa11f3a19", "key": "title"}, {"hash": "73fa61ad33d596ce3f642aa3a332e792", "key": "pluginID"}, {"hash": "3a771050d21d3765436dc18f286de08c", "key": "href"}, {"hash": "3a13eb13d7749f839dab28b1340abaa6", "key": "description"}, {"hash": "054f48623d3cff7d9f8a2aba6cd93cec", "key": "published"}, {"hash": "ed2d4671248fcbbd20d1024a19762693", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "63f7da295d063bd8c87afae1ba4afadb", "key": "cpe"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "98565064ad1a1547093df2670feea6e2", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "b0af4d867514c2c90bf44e8b56078211", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17288", "id": "GENTOO_GLSA-200503-14.NASL", "lastseen": "2019-01-16T20:05:59", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "17288", "published": "2005-03-08T00:00:00", "references": ["https://security.gentoo.org/glsa/200503-14"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "title": "GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:05:59"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "63f7da295d063bd8c87afae1ba4afadb"}, {"key": "cvelist", "hash": "b0af4d867514c2c90bf44e8b56078211"}, {"key": "cvss", "hash": "ed2d4671248fcbbd20d1024a19762693"}, {"key": "description", "hash": "42b8497828b52721820aff00116ce709"}, {"key": "href", "hash": "3a771050d21d3765436dc18f286de08c"}, {"key": "modified", "hash": "9c6fe61712654f56360b12011e3de300"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "73fa61ad33d596ce3f642aa3a332e792"}, {"key": "published", "hash": "054f48623d3cff7d9f8a2aba6cd93cec"}, {"key": "references", "hash": "76e9ff11843a714b5899cf6ef1d344ca"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "98565064ad1a1547093df2670feea6e2"}, {"key": "title", "hash": "4658c70dd8ca306b36e70dcfa11f3a19"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ee99a7029e2d21403a4f7953634fc464722db9223620dea334b3b06b7f94357a", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0365"]}, {"type": "osvdb", "idList": ["OSVDB:13773"]}, {"type": "freebsd", "idList": ["29DD0065-81FA-11D9-A9E7-0001020EED82"]}, {"type": "nessus", "idList": ["FEDORA_2005-245.NASL", "FREEBSD_PKG_29DD006581FA11D9A9E70001020EED82.NASL", "MANDRAKE_MDKSA-2005-045.NASL", "REDHAT-RHSA-2005-325.NASL", "MANDRAKE_MDKSA-2005-058.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54879", "OPENVAS:52180"]}, {"type": "gentoo", "idList": ["GLSA-200503-14"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8083"]}, {"type": "redhat", "idList": ["RHSA-2005:325"]}], "modified": "2019-02-21T01:08:26"}, "score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-14.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17288);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"GLSA\", value:\"200503-14\");\n\n script_name(english:\"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-14\n(KDE dcopidlng: Insecure temporary file creation)\n\n Davide Madrisan has discovered that the dcopidlng script creates\n temporary files in a world-writable directory with predictable names.\n \nImpact :\n\n A local attacker could create symbolic links in the temporary\n files directory, pointing to a valid file somewhere on the filesystem.\n When dcopidlng is executed, this would result in the file being\n overwritten with the rights of the user running the utility, which\n could be the root user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable:make_list(\"lt 3.3.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE dcopidlng\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "17288", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "scheme": null}

{"cve": [{"lastseen": "2017-10-11T11:06:09", "bulletinFamily": "NVD", "description": "The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.", "modified": "2017-10-10T21:29:55", "published": "2005-05-02T00:00:00", "id": "CVE-2005-0365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0365", "title": "CVE-2005-0365", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:09", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200503-14.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54879", "id": "OPENVAS:54879", "title": "Gentoo Security Advisory GLSA 200503-14 (dcopidlng)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The dcopidlng script is vulnerable to symlink attacks, potentially allowing\na local user to overwrite arbitrary files.\";\ntag_solution = \"All kdelibs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200503-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=81652\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200503-14.\";\n\n \n\nif(description)\n{\n script_id(54879);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0365\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200503-14 (dcopidlng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"kde-base/kdelibs\", unaffected: make_list(\"ge 3.3.2-r5\", \"rge 3.2.3-r7\"), vulnerable: make_list(\"lt 3.3.2-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52180", "id": "OPENVAS:52180", "title": "FreeBSD Ports: kdelibs, ja-kdelibs", "type": "openvas", "sourceData": "#\n#VID 29dd0065-81fa-11d9-a9e7-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n kdelibs\n ja-kdelibs\n\nCVE-2005-0365\nThe dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files\nwith predictable filenames, which allows local users to overwrite\narbitrary files via a symlink attack.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.kde.org/show_bug.cgi?id=97608\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757\nhttp://www.vuxml.org/freebsd/29dd0065-81fa-11d9-a9e7-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52180);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0365\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: kdelibs, ja-kdelibs\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"kdelibs\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.2_5\")<0) {\n txt += 'Package kdelibs version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-kdelibs\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.2_5\")<0) {\n txt += 'Package ja-kdelibs version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200503-14.xml)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20050316-3.txt)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000953)\nSecurity Tracker: 1013525\n[Secunia Advisory ID:14254](https://secuniaresearch.flexerasoftware.com/advisories/14254/)\n[Secunia Advisory ID:14323](https://secuniaresearch.flexerasoftware.com/advisories/14323/)\n[Secunia Advisory ID:14605](https://secuniaresearch.flexerasoftware.com/advisories/14605/)\n[Secunia Advisory ID:14682](https://secuniaresearch.flexerasoftware.com/advisories/14682/)\n[Secunia Advisory ID:14704](https://secuniaresearch.flexerasoftware.com/advisories/14704/)\nRedHat RHSA: RHSA-2005:325\nOther Advisory URL: http://bugs.kde.org/show_bug.cgi?id=97608\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:045\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:058\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0113.html\n[CVE-2005-0365](https://vulners.com/cve/CVE-2005-0365)\n", "modified": "2005-01-21T06:09:12", "published": "2005-01-21T06:09:12", "href": "https://vulners.com/osvdb/OSVDB:13773", "id": "OSVDB:13773", "title": "KDE kdelibs dcopidlng Script Arbitrary File Manipulation", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:46", "bulletinFamily": "scanner", "description": "- Wed Mar 23 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.9.FC3\n\n - Applied patch to fix konqueror international domain name spoofing, CVE-2005-0237, #147405\n\n - get rid of broken AltiVec instructions on ppc\n\n - Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.8.FC3\n\n - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092 thanks KDE security team\n\n - Wed Feb 16 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.7.FC3\n\n - Applied patch to fix dcopidlng insecure temporary file usage, CVE-2005-0365, #148823\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-19T00:00:00", "id": "FEDORA_2005-245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19631", "published": "2005-09-12T00:00:00", "title": "Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-245.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19631);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 23:19:04\");\n\n script_cve_id(\"CVE-2005-0365\");\n script_xref(name:\"FEDORA\", value:\"2005-245\");\n\n script_name(english:\"Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Mar 23 2005 Than Ngo <than at redhat.com>\n 6:3.3.1-2.9.FC3\n\n - Applied patch to fix konqueror international domain name\n spoofing, CVE-2005-0237, #147405\n\n - get rid of broken AltiVec instructions on ppc\n\n - Wed Mar 2 2005 Than Ngo <than at redhat.com>\n 6:3.3.1-2.8.FC3\n\n - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092\n thanks KDE security team\n\n - Wed Feb 16 2005 Than Ngo <than at redhat.com>\n 6:3.3.1-2.7.FC3\n\n - Applied patch to fix dcopidlng insecure temporary file\n usage, CVE-2005-0365, #148823\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-March/000793.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52f23b2e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-3.3.1-2.9.FC3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-debuginfo-3.3.1-2.9.FC3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-devel-3.3.1-2.9.FC3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-debuginfo / kdelibs-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:08:39", "bulletinFamily": "scanner", "description": "Davide Madrisan reports :\n\nThe `dcopidlng' script in the KDE library package (kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary files in a unsecure manner.\n\nNote: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_29DD006581FA11D9A9E70001020EED82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18881", "published": "2005-07-13T00:00:00", "title": "FreeBSD : kdelibs -- insecure temporary file creation (29dd0065-81fa-11d9-a9e7-0001020eed82)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18881);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2005-0365\");\n\n script_name(english:\"FreeBSD : kdelibs -- insecure temporary file creation (29dd0065-81fa-11d9-a9e7-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Davide Madrisan reports :\n\nThe `dcopidlng' script in the KDE library package\n(kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary files in a\nunsecure manner.\n\nNote: dcopidlng is only used at build time, so only users installing\nKDE are vulnerable, not users already running KDE.\"\n );\n # http://bugs.kde.org/show_bug.cgi?id=97608\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/show_bug.cgi?id=97608\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110814653804757\"\n );\n # https://vuxml.freebsd.org/freebsd/29dd0065-81fa-11d9-a9e7-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0a52fa9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"kdelibs<3.3.2_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-kdelibs<3.3.2_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:08:24", "bulletinFamily": "scanner", "description": "A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email.\n\nAs well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner.\n\nThe updated packages are patched to deal with these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2005-045.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17140", "published": "2005-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:045. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17140);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-1165\", \"CVE-2005-0365\");\n script_xref(name:\"MDKSA\", value:\"2005:045\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the way kioslave handles URL-encoded newline (%0a) characters\nbefore the FTP command was discovered. Because of this, it is possible\nthat a specially crafted URL could be used to execute any ftp command\non a remote server, or even send unsolicited email.\n\nAs well, Davide Madrisan discovered that dcopidlng created temporary\nfiles in an insecure manner.\n\nThe updated packages are patched to deal with these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.kde.org/show_bug.cgi?id=97608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20050101-1.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdelibs-common-3.2-36.10.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-3.2-36.10.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-devel-3.2-36.10.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-3.2-36.10.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2-36.10.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"kdelibs-common-3.2.3-103.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.2.3-103.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.2.3-103.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-3.2.3-103.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2.3-103.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:28", "bulletinFamily": "scanner", "description": "Updated kdelibs packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdelibs package provides libraries for the K Desktop Environment.\n\nThe International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0237 to this issue.\n\nSebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0396 to this issue.\n\nA flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames which could allow local users to overwrite arbitrary files via a symlink attack.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0365 to this issue.\n\nUsers of KDE should upgrade to these erratum packages which contain backported patches to correct these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2005-325.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17625", "published": "2005-03-25T00:00:00", "title": "RHEL 4 : kdelibs (RHSA-2005:325)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:325. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17625);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2005-0237\", \"CVE-2005-0365\", \"CVE-2005-0396\");\n script_xref(name:\"RHSA\", value:\"2005:325\");\n\n script_name(english:\"RHEL 4 : kdelibs (RHSA-2005:325)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdelibs package provides libraries for the K Desktop Environment.\n\nThe International Domain Name (IDN) support in the Konqueror browser\nallowed remote attackers to spoof domain names using punycode encoded\ndomain names. Such domain names are decoded in URLs and SSL\ncertificates in a way that uses homograph characters from other\ncharacter sets, which facilitates phishing attacks. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-0237 to this issue.\n\nSebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop\nCommunication Protocol (DCOP) daemon. A local user could use this flaw\nto stall the DCOP authentication process, affecting any local desktop\nusers and causing a reduction in their desktop functionality. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0396 to this issue.\n\nA flaw in the dcopidlng script was discovered. The dcopidlng script\nwould create temporary files with predictable filenames which could\nallow local users to overwrite arbitrary files via a symlink attack.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0365 to this issue.\n\nUsers of KDE should upgrade to these erratum packages which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0396\"\n );\n # http://www.kde.org/info/security/advisory-20050316-3.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20050316-3.txt\"\n );\n # http://www.kde.org/info/security/advisory-20050316-2.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20050316-2.txt\"\n );\n # http://www.kde.org/info/security/advisory-20050316-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20050316-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:325\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs and / or kdelibs-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:325\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-3.3.1-3.6\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-devel-3.3.1-3.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-devel\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:08:26", "bulletinFamily": "scanner", "description": "A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Procotol daemon (CVE-2005-0396).\n\nAs well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237).\n\nFinally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third- party KDE applications (CVE-2005-0365).\n\nThe updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2005-058.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17346", "published": "2005-03-17T00:00:00", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:058. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17346);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-0233\", \"CVE-2005-0237\", \"CVE-2005-0365\", \"CVE-2005-0396\");\n script_xref(name:\"MDKSA\", value:\"2005:058\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in dcopserver was discovered by Sebastian Krahmer of\nthe SUSE security team. A local user can lock up the dcopserver of\nother users on the same machine by stalling the DCOP authentication\nprocess, causing a local Denial of Service. dcopserver is the KDE\nDesktop Communication Procotol daemon (CVE-2005-0396).\n\nAs well, the IDN (International Domain Names) support in Konqueror is\nvulnerable to a phishing technique known as a Homograph attack. This\nattack is made possible due to IDN allowing a website to use a wide\nrange of international characters that have a strong resemblance to\nother characters. This can be used to trick users into thinking they\nare on a different trusted site when they are in fact on a site mocked\nup to look legitimate using these other characters, known as\nhomographs. This can be used to trick users into providing personal\ninformation to a site they think is trusted (CVE-2005-0237).\n\nFinally, it was found that the dcopidlng script was vulnerable to\nsymlink attacks, potentially allowing a local user to overwrite\narbitrary files of a user when the script is run on behalf of that\nuser. However, this script is only used as part of the build process\nof KDE itself and may also be used by the build processes of third-\nparty KDE applications (CVE-2005-0365).\n\nThe updated packages are patched to deal with these issues and\nMandrakesoft encourages all users to upgrade immediately.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20050316-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20050316-2.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20050316-3.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdelibs-common-3.2-36.12.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-3.2-36.12.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-devel-3.2-36.12.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-3.2-36.12.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2-36.12.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"kdelibs-common-3.2.3-104.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.2.3-104.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.2.3-104.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-3.2.3-104.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2.3-104.2.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:16:01", "bulletinFamily": "unix", "description": "\nDavide Madrisan reports:\n\nThe `dcopidlng' script in the KDE library package\n\t (kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary\n\t files in a unsecure manner.\n\nNote: dcopidlng is only used at build\n\t time, so only users installing KDE are vulnerable, not users\n\t already running KDE.\n", "modified": "2005-02-20T00:00:00", "published": "2005-01-21T00:00:00", "id": "29DD0065-81FA-11D9-A9E7-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/29dd0065-81fa-11d9-a9e7-0001020eed82.html", "title": "kdelibs -- insecure temporary file creation", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script. \n\n### Description\n\nDavide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names. \n\n### Impact\n\nA local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdelibs users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs", "modified": "2005-03-07T00:00:00", "published": "2005-03-07T00:00:00", "id": "GLSA-200503-14", "href": "https://security.gentoo.org/glsa/200503-14", "type": "gentoo", "title": "KDE dcopidlng: Insecure temporary file creation", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:50", "bulletinFamily": "unix", "description": "The kdelibs package provides libraries for the K Desktop Environment.\n\nThe International Domain Name (IDN) support in the Konqueror browser\nallowed remote attackers to spoof domain names using punycode encoded\ndomain names. Such domain names are decoded in URLs and SSL certificates\nin a way that uses homograph characters from other character sets, which\nfacilitates phishing attacks. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0237 to this issue.\n\nSebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop\nCommunication Protocol (DCOP) daemon. A local user could use this flaw to\nstall the DCOP authentication process, affecting any local desktop users\nand causing a reduction in their desktop functionality. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2005-0396 to this issue.\n\nA flaw in the dcopidlng script was discovered. The dcopidlng script would\ncreate temporary files with predictable filenames which could allow local\nusers to overwrite arbitrary files via a symlink attack. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-0365 to this issue.\n\nUsers of KDE should upgrade to these erratum packages which contain\nbackported patches to correct these issues.", "modified": "2017-09-08T12:03:47", "published": "2005-03-23T05:00:00", "id": "RHSA-2005:325", "href": "https://access.redhat.com/errata/RHSA-2005:325", "type": "redhat", "title": "(RHSA-2005:325) kdelibs security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:12", "bulletinFamily": "software", "description": "Three KDE security advisories have been issued today.\r\n\r\nKDE Security Advisory: Local DCOP denial of service vulnerability\r\nOriginal Release Date: 20050316\r\nURL: http://www.kde.org/info/security/advisory-20050316-1.txt\r\n\r\n0. References\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396\r\n\r\n\r\n1. Systems affected:\r\n\r\n All KDE version prior to KDE 3.4 on systems where multiple users\r\n have access.\r\n\r\n\r\n2. Overview:\r\n\r\n Sebastian Krahmer of the SUSE LINUX Security Team reported a local\r\n denial of service vulnerability in KDE&#39;s Desktop Communication\r\n Protocol &#40;DCOP&#41; daemon better known as dcopserver.\r\n\r\n A local user can lock up the dcopserver of arbitrary other users\r\n on the same machine by stalling the DCOP authentication process.\r\n\r\n Although it is not possible to by pass the authentication process\r\n this way, it can cause a significant reduction in desktop\r\n functionality for the affected users.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CAN-2005-0396 to this issue.\r\n\r\n \r\n3. Impact:\r\n\r\n A local user can lock up the dcopserver of arbitrary other users\r\n on the same machine. This can cause a significant reduction in\r\n desktop functionality for the affected users including, but not\r\n limited to, the inability to browse the internet and the inability\r\n to start new applications.\r\n\r\n\r\n4. Solution:\r\n\r\n Upgrade to KDE 3.4.\r\n\r\n For older versions of KDE Source code patches have been made\r\n available which fix these vulnerabilities. Contact your OS vendor /\r\n binary package provider for information about how to obtain updated\r\n binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n A patch for KDE 3.1.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 377c49d8224612fbf09f70f3c09d52f5 post-3.1.5-kdelibs-dcop.patch\r\n\r\n A patch for KDE 3.2.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 0948701bffb082c65784dc8a2b648ef0 post-3.2.3-kdelibs-dcop.patch\r\n\r\n A patch for KDE 3.3.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 7309e259ae1f29be08bbb70e580da3fb post-3.3.2-kdelibs-dcop.patch\r\n\r\n\r\n6. Time line and credits:\r\n\r\n 21/02/2005 KDE Security informed by SUSE LINUX.\r\n 21/02/2005 Patches applied to KDE CVS.\r\n 02/03/2005 Vendors notified\r\n 16/03/2005 KDE Security Advisory released.\r\n\r\n\r\nKDE Security Advisory: Konqueror International Domain Name Spoofing\r\nOriginal Release Date: 20050316\r\nURL: http://www.kde.org/info/security/advisory-20050316-2.txt\r\n\r\n0. References\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0237\r\n http://bugs.kde.org/show_bug.cgi?id=98788\r\n http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html \r\n http://lists.netsys.com/pipermail/full-disclosure/2005-February/031460.html \r\n http://www.shmoo.com/idn \r\n http://www.shmoo.com/idn/homograph.txt \r\n http://xforce.iss.net/xforce/xfdb/19236\r\n http://secunia.com/advisories/14162/\r\n\r\n1. Systems affected:\r\n\r\n All KDE versions in the KDE 3.2.x and KDE 3.3.x series.\r\n\r\n\r\n2. Overview:\r\n\r\n Since version 3.2 KDE and it&#39;s webbrowser Konqueror have support\r\n for International Domain Names &#40;IDN&#41;. Unfortunately this has\r\n made KDE vulnerable to a phishing technique known as a \r\n Homograph attack.\r\n\r\n IDN allows a website to use a wide range of international characters\r\n in its domain name. Unfortunately some of these characters have a\r\n strong resemblance to other characters, so called homographs. This\r\n makes it possible for a website to use a domain name that is\r\n technically different from another well known domain name, but has\r\n no or very little visual differences.\r\n\r\n This lack of visual difference can be abused by attackers to\r\n trick users into visiting malicious websites that resemble\r\n a well known and trusted website in order to obtain personal\r\n information such as credit card details.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CAN-2005-0237 to this issue.\r\n\r\n For KDE 3.4 KDE and the Konqueror webbrowser have adopted a\r\n whitelist of domains for which IDN is safe to use because the\r\n registrar for these domains has implemented anti-homographic\r\n character policies or otherwise limited the available set of\r\n characters to prevent spoofing.\r\n\r\n \r\n3. Impact:\r\n\r\n Users can be tricked into visiting a malicious website that\r\n resembles a well known and trusted website without getting any\r\n visual indication that this website differs from the one the\r\n user was expecting to visit.\r\n\r\n\r\n4. Solution:\r\n\r\n Upgrade to KDE 3.4.\r\n\r\n For older versions of KDE Source code patches have been made\r\n available which fix these vulnerabilities. Contact your OS vendor /\r\n binary package provider for information about how to obtain updated\r\n binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n A patch for KDE 3.2.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 611bad3cb9ae46ac35b907c7321da7aa post-3.2.3-kdelibs-idn.patch\r\n\r\n A patch for KDE 3.3.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n c87754dbbaca4cdfeb26626a908fab5f post-3.3.2-kdelibs-idn.patch\r\n\r\n6. Time line and credits:\r\n\r\n 07/02/2005 Issue raised by Eric Johanson on full-disclosure\r\n 03/03/2005 Patches applied to KDE CVS.\r\n 04/03/2005 Vendors notified\r\n 16/03/2005 KDE Security Advisory released.\r\n\r\n\r\nKDE Security Advisory: Insecure temporary file creation by dcopidlng\r\nOriginal Release Date: 20050316\r\nURL: http://www.kde.org/info/security/advisory-20050316-3.txt\r\n\r\n0. References\r\n http://bugs.kde.org/show_bug.cgi?id=97608\r\n http://www.gentoo.org/security/en/glsa/glsa-200503-14.xml \r\n http://bugs.gentoo.org/attachment.cgi?id=51120&action=view\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365\r\n\r\n1. Systems affected:\r\n\r\n All KDE versions in the KDE 3.2.x and KDE 3.3.x series.\r\n This problem only affects users who compile KDE or KDE applications\r\n themselves.\r\n\r\n2. Overview:\r\n\r\n The dcopidlng script is vulnerable to symlink attacks, potentially\r\n allowing a local user to overwrite arbitrary files of a user when\r\n the script is run on behalf of that user.\r\n\r\n The dcopidlng script is run as part of the build process of KDE\r\n itself and may be used by the build process of third party KDE\r\n applications.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CAN-2005-0365 to this issue.\r\n\r\n \r\n3. Impact:\r\n\r\n The dcopidlng script is vulnerable to symlink attacks, potentially\r\n allowing a local user to overwrite arbitrary files of a user when\r\n that user compiles KDE or third party KDE applications that use the\r\n dcopidlng script as part of their build process.\r\n\r\n\r\n4. Solution:\r\n\r\n Upgrade to KDE 3.4.\r\n\r\n For older versions of KDE Source code patches have been made\r\n available which fix these vulnerabilities.\r\n\r\n Installed versions of dcopidlng can be patched manually as follows:\r\n\r\n cd $&#40;kde-config --expandvars --install exe&#41;\r\n patch &lt; ~/post-3.2.3-kdelibs-dcopidlng.patch\r\n\r\n5. Patch:\r\n\r\n A patch for KDE 3.2.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 43213bb9876704041af622ed2a6903ae post-3.2.3-kdelibs-dcopidlng.patch\r\n\r\n A patch for KDE 3.3.x is available from\r\n ftp://ftp.kde.org/pub/kde/security_patches\r\n\r\n 43213bb9876704041af622ed2a6903ae post-3.3.2-kdelibs-dcopidlng.patch\r\n\r\n\r\n6. Time line and credits:\r\n\r\n 21/01/2005 Problem reported to bugs.kde.org by Davide Madrisan\r\n 21/01/2005 Patches applied to KDE CVS.\r\n 16/03/2005 KDE Security Advisory released.", "modified": "2005-03-17T00:00:00", "published": "2005-03-17T00:00:00", "id": "SECURITYVULNS:DOC:8083", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8083", "title": "Multiple KDE Security Advisories &#40;2005-03-16&#41;", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}