OSV:DSA-1062-1
May 19, 2006 - 12:00 a.m.

kphone - insecure file creation

2006-05-19 00:00:00
Google
osv.dev

CVSS2: 4.6 Medium

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

Sven Dreyer discovered that KPhone, a Voice over IP client for KDE,
creates its configuration file with world-readable permissions, which
could leak sensitive information such as SIP passwords.

The old stable distribution (woody) doesn’t contain kphone packages.

For the stable distribution (sarge) this problem has been fixed in
version 4.1.0-2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 4.2-6.

We recommend that you upgrade your kphone package. If your current kphonerc
has overly lax permissions, you’ll need to reset them manually.
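
The manual reset the advisory asks for, as an added shell example (not part of the advisory or the kphone package): it finds files named kphonerc under a directory you pass in and strips group and other access from them. The search root is an assumption, since the advisory does not say where kphonerc is stored, and the script assumes GNU findutils and coreutils.

```shell
#!/bin/sh
# Added example, not from the advisory or the kphone package.
# Assumption: the caller passes the directory to search (for example a
# home directory); the advisory does not say where kphonerc is stored.
# Assumption: GNU findutils/coreutils (find -perm /MODE, stat -c).

# list_lax_kphonerc ROOT
# Print each regular file named kphonerc under ROOT that grants any
# read, write or execute bit to group or others.
list_lax_kphonerc() {
    find "$1" -xdev -type f -name kphonerc -perm /077 -print 2>/dev/null
}

# fix_lax_kphonerc ROOT
# Report each lax file with its current mode, then remove group/other
# access while leaving the owner's bits untouched.
# Returns 0 only if no lax kphonerc remains under ROOT afterwards.
fix_lax_kphonerc() {
    find "$1" -xdev -type f -name kphonerc -perm /077 -exec sh -c '
        for f; do
            printf "%s: mode %s, removing group/other access\n" \
                "$f" "$(stat -c %a "$f")"
            chmod go-rwx "$f"
        done' sh {} +
    [ -z "$(list_lax_kphonerc "$1")" ]
}

# Run only when a search root is given on the command line.
if [ "$#" -ge 1 ]; then
    fix_lax_kphonerc "$1"
fi
```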

CPE Name Operator Version
kphone eq 1:4.1.0-2
