KDE DCOPServer Insecure Temporary File Manipulation

2004-08-11T04:53:53
ID OSVDB:8589
Type osvdb
Reporter Chris Cheney, Colin Phipps (cph@cph.demon.co.uk)
Modified 2004-08-11T04:53:53

Description

Vulnerability Description

KDE DCOPServer contains a flaw that may allow a malicious user to compromise local user accounts. The issue is triggered when DCOPServer creates insecure temporary files which may be used for authentication purposes. It is possible that the flaw may allow a local attacker to compromise local accounts that run applications within KDE, resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, KDE has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 12276
Secunia Advisory ID: 12311
Secunia Advisory ID: 12465
Secunia Advisory ID: 12343
Secunia Advisory ID: 12725
Secunia Advisory ID: 12284
Secunia Advisory ID: 12495
Secunia Advisory ID: 12521
Related OSVDB ID: 8590
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200408-13.xml
Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-412.html
Other Advisory URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345
Other Advisory URL: http://www.debian.org/security/2004/dsa-539
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:086
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000864
CVE-2004-0689