KDE DCOPServer Insecure Temporary File Privilege Escalation
2004-08-11T04:53:53
ID: OSVDB:8590
Type: osvdb
Reporter: Colin Phipps (cph@cph.demon.co.uk)
Modified: 2004-08-11T04:53:53
Description
Vulnerability Description
KDE DCOPServer contains a flaw that may allow a malicious local user to gain unauthorized privileges. The DCOPServer does not create its temporary files in a secure manner, which may allow an attacker to use a symlink attack to gain access to user credentials, resulting in a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, KDE has released a patch to address this vulnerability.
{"type": "osvdb", "published": "2004-08-11T04:53:53", "href": "https://vulners.com/osvdb/OSVDB:8590", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 4.6}, "viewCount": 5, "edition": 1, "reporter": "Colin Phipps(cph@cph.demon.co.uk)", "title": "KDE DCOPServer Insecure Temporary File Privilege Escalation", "affectedSoftware": [{"operator": "eq", "version": "3.2.0", "name": "KDE"}, {"operator": "eq", "version": "3.2.3", "name": "KDE"}, {"operator": "eq", "version": "3.2.2", "name": "KDE"}, {"operator": "eq", "version": "3.2.1", "name": "KDE"}], "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-04-28T13:20:03", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0690"]}, {"type": "cert", "idList": ["VU:330638"]}, {"type": "freebsd", "idList": ["603FE36D-EC9D-11D8-B913-000C41E2CDAD"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2004-086.NASL", "SLACKWARE_SSA_2004-247-01.NASL", "FREEBSD_PKG_603FE36DEC9D11D8B913000C41E2CDAD.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53913", "OPENVAS:136141256231053913", "OPENVAS:52423", "OPENVAS:136141256231065461", "OPENVAS:65461"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6606"]}, {"type": "slackware", "idList": ["SSA-2004-247-01"]}], "modified": "2017-04-28T13:20:03", "rev": 2}, "vulnersScore": 6.0}, "references": [], "id": "OSVDB:8590", "lastseen": "2017-04-28T13:20:03", "cvelist": ["CVE-2004-0690"], "modified": "2004-08-11T04:53:53", "description": "## Vulnerability Description\nKDE DCOPServer contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the DCOPServer not creating temporary files in a secure manner. This may allow an attacker to use a symlink style of attack to gain access to user credentials causing a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. 
However, KDE has released a patch to address this vulnerability.\n## Short Description\nKDE DCOPServer contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the DCOPServer not creating temporary files in a secure manner. This may allow an attacker to use a symlink style of attack to gain access to user credentials causing a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20040811-2.txt)\nSecurity Tracker: 1010932\n[Secunia Advisory ID:12276](https://secuniaresearch.flexerasoftware.com/advisories/12276/)\n[Secunia Advisory ID:12465](https://secuniaresearch.flexerasoftware.com/advisories/12465/)\n[Secunia Advisory ID:12343](https://secuniaresearch.flexerasoftware.com/advisories/12343/)\n[Secunia Advisory ID:12284](https://secuniaresearch.flexerasoftware.com/advisories/12284/)\n[Secunia Advisory ID:12495](https://secuniaresearch.flexerasoftware.com/advisories/12495/)\n[Secunia Advisory ID:12521](https://secuniaresearch.flexerasoftware.com/advisories/12521/)\n[Related OSVDB ID: 8589](https://vulners.com/osvdb/OSVDB:8589)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200408-13.xml\nOther Advisory URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345\nOther Advisory URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:086\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000864\n[CVE-2004-0690](https://vulners.com/cve/CVE-2004-0690)\n"}
{"cve": [{"lastseen": "2021-02-02T05:22:58", "description": "The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.", "edition": 4, "cvss3": {}, "published": "2004-09-28T04:00:00", "title": "CVE-2004-0690", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0690"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/o:kde:kde:3.2.1"], "id": "CVE-2004-0690", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0690", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*"]}], "cert": [{"lastseen": "2020-09-18T20:43:47", "bulletinFamily": "info", "cvelist": ["CVE-2004-0690"], "description": "### Overview \n\nKDE DCOPServer insecurely creates and maintains temporary files used for authentication purposes. Unauthorized local users may be able to modify user account information and execute arbitrary commands with the privileges of the compromised account.\n\n### Description \n\nThe Desktop COmmunications Protocol (DCOP) is a lightweight mechanism to facilitate inter-process communication over sockets. The KDE DCOPServer is an implementation of DCOP for the KDE Desktop Environment. Reports claim the KDE DCOPServer insecurely creates temporary files potentially allowing unauthorized local users to access and modify them. Affected versions include all releases within the 3.2.x branch. 
\n \n--- \n \n### Impact \n\nAn unauthorized local user may be able to view and change user account information leading to execution of arbitrary commands with the privileges of the compromised account. \n \n--- \n \n### Solution \n\n**Apply patches for KDE 3.2.3:**\n\n` \n``_<ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch>_` \n \n--- \n \n### Vendor Information\n\n330638\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### KDE Desktop Environment Project Affected\n\nUpdated: August 19, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23330638 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.kde.org/info/security/advisory-20040811-2.txt>\n * <http://secunia.com/advisories/12276/>\n * <http://www.securitytracker.com/alerts/2004/Aug/1010932.html>\n * <http://www.securityfocus.com/bid/10924/info/>\n * <http://www.osvdb.org/displayvuln.php?osvdb_id=8589>\n\n### Acknowledgements\n\nThis vulnerability was reported by Waldo Bastian.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2004-0690](<http://web.nvd.nist.gov/vuln/detail/CVE-2004-0690>) \n---|--- \n**Severity Metric:** | 0.46 \n**Date Public:** | 2004-08-11 \n**Date First Published:** | 2004-09-07 \n**Date Last Updated: ** | 2004-10-06 15:41 UTC \n**Document 
Revision: ** | 111 \n", "modified": "2004-10-06T15:41:00", "published": "2004-09-07T00:00:00", "id": "VU:330638", "href": "https://www.kb.cert.org/vuls/id/330638", "type": "cert", "title": "KDE DCOPServer insecurely creates temporary files", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-02T21:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0689", "CVE-2004-0690"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52423", "href": "http://plugins.openvas.org/nasl.php?oid=52423", "type": "openvas", "title": "FreeBSD Ports: kdelibs", "sourceData": "#\n#VID 603fe36d-ec9d-11d8-b913-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: kdelibs\n\nCVE-2004-0689\nKDE before 3.3.0 does not properly handle when certain symbolic links\npoint to 'stale' locations, which could allow local users to create or\ntruncate arbitrary files.\n\nCVE-2004-0690\nThe DCOPServer in KDE 3.2.3 and earlier allows local users to gain\nunauthorized access via a symlink attack on DCOP files in the /tmp\ndirectory.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.kde.org/info/security/advisory-20040811-1.txt\nhttp://www.kde.org/info/security/advisory-20040811-2.txt\nftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch\nftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch\nhttp://www.vuxml.org/freebsd/603fe36d-ec9d-11d8-b913-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52423);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: kdelibs\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"kdelibs\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.3_3\")<=0) {\n txt += 'Package kdelibs version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0690"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n kdelibs3-devel\n kdelibs3\n kdebase3\n kdebase3-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010460 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065461", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065461", "type": "openvas", "title": "SLES9: Security update for KDE", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010460.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for KDE\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n kdelibs3-devel\n kdelibs3\n kdebase3\n kdebase3-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010460 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65461\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for KDE\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdelibs3-devel\", rpm:\"kdelibs3-devel~3.2.1~44.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0690"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdelibs3-devel\n kdelibs3\n kdebase3\n kdebase3-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010460 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65461", "href": "http://plugins.openvas.org/nasl.php?oid=65461", "type": "openvas", "title": "SLES9: Security update for KDE", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5010460.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for KDE\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n kdelibs3-devel\n kdelibs3\n kdebase3\n kdebase3-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010460 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65461);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for KDE\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdelibs3-devel\", rpm:\"kdelibs3-devel~3.2.1~44.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0746", "CVE-2004-0690"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-247-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:53913", "href": "http://plugins.openvas.org/nasl.php?oid=53913", "type": "openvas", "title": "Slackware Advisory SSA:2004-247-01 kde", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_247_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New kdelibs and kdebase packages are available for Slackware 9.1, 10.0,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-247-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-247-01\";\n \nif(description)\n{\n script_id(53913);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\", \"CVE-2004-0746\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-247-01 kde \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"kdebase\", ver:\"3.1.4-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.1.4-i486-3\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdebase\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0746", "CVE-2004-0690"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-247-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053913", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053913", "type": "openvas", "title": "Slackware Advisory SSA:2004-247-01 kde", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_247_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53913\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\", \"CVE-2004-0746\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-247-01 kde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-247-01\");\n\n script_tag(name:\"insight\", value:\"New kdelibs and kdebase packages are available for Slackware 9.1, 10.0,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-247-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"kdebase\", ver:\"3.1.4-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.1.4-i486-3\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"kdebase\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"kdelibs\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:44:38", "description": "According to a KDE Security Advisory, KDE may sometimes create\ntemporary files without properly checking the ownership and type of\nthe target path. 
This could allow a local attacker to cause KDE\napplications to overwrite arbitrary files.", "edition": 25, "published": "2007-02-09T00:00:00", "title": "FreeBSD : kdelibs insecure temporary file handling (603fe36d-ec9d-11d8-b913-000c41e2cdad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0689", "CVE-2004-0690"], "modified": "2007-02-09T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:kdelibs"], "id": "FREEBSD_PKG_603FE36DEC9D11D8B913000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/nessus/24307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24307);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\");\n\n script_name(english:\"FreeBSD : kdelibs insecure temporary file handling (603fe36d-ec9d-11d8-b913-000c41e2cdad)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to a KDE Security Advisory, KDE may sometimes create\ntemporary files without properly checking the ownership and type of\nthe target path. 
This could allow a local attacker to cause KDE\napplications to overwrite arbitrary files.\"\n );\n # http://www.kde.org/info/security/advisory-20040811-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20040811-1.txt\"\n );\n # http://www.kde.org/info/security/advisory-20040811-2.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20040811-2.txt\"\n );\n # ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d058b34d\"\n );\n # ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac90c402\"\n );\n # https://vuxml.freebsd.org/freebsd/603fe36d-ec9d-11d8-b913-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efecb7ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"kdelibs<=3.2.3_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:22", "description": "A number of vulnerabilities were discovered in KDE that are corrected\nwith these update packages.\n\nThe integrity of symlinks used by KDE are not ensured and as a result\ncan be abused by local attackers to create or truncate arbitrary files\nor to prevent KDE applications from functioning correctly\n(CVE-2004-0689).\n\nThe DCOPServer creates temporary files in an insecure manner. These\ntemporary files are used for authentication-related purposes, so this\ncould potentially allow a local attacker to compromise the account of\nany user running a KDE application (CVE-2004-0690). 
Note that only KDE\n3.2.x is affected by this vulnerability.\n\nThe Konqueror web browser allows websites to load web pages into a\nframe of any other frame-based web page that the user may have open.\nThis could potentially allow a malicious website to make Konqueror\ninsert its own frames into the page of an otherwise trusted website\n(CVE-2004-0721).\n\nThe Konqueror web browser also allows websites to set cookies for\ncertain country-specific top-level domains. This can be done to make\nKonqueror send the cookies to all other web sites operating under the\nsame domain, which can be abused to become part of a session fixation\nattack. All country-specific secondary top-level domains that use more\nthan 2 characters in the secondary part of the domain name, and that\nuse a secondary part other than com, net, mil, org, gove, edu, or int\nare affected (CVE-2004-0746).", "edition": 24, "published": "2004-08-22T00:00:00", "title": "Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0746", "CVE-2004-0690"], "modified": "2004-08-22T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libkdebase4-kmenuedit", "p-cpe:/a:mandriva:linux:lib64kdecore4-devel", "p-cpe:/a:mandriva:linux:libkdebase4", "p-cpe:/a:mandriva:linux:kdebase-kmenuedit", "p-cpe:/a:mandriva:linux:lib64kdebase4-kmenuedit", "p-cpe:/a:mandriva:linux:kdebase-kdm-config-file", "p-cpe:/a:mandriva:linux:kdelibs-common", "p-cpe:/a:mandriva:linux:libkdebase4-konsole", "p-cpe:/a:mandriva:linux:lib64kdebase4", "p-cpe:/a:mandriva:linux:libkdebase4-nsplugins-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins-devel", "p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins", "p-cpe:/a:mandriva:linux:libkdebase4-kate-devel", "p-cpe:/a:mandriva:linux:lib64kdebase4-konsole", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:lib64kdebase4-devel", 
"p-cpe:/a:mandriva:linux:kdebase-kdm", "p-cpe:/a:mandriva:linux:kdebase", "p-cpe:/a:mandriva:linux:kdebase-konsole", "p-cpe:/a:mandriva:linux:kdebase-kcontrol-data", "p-cpe:/a:mandriva:linux:lib64kdebase4-kate-devel", "p-cpe:/a:mandriva:linux:kdebase-nsplugins", "p-cpe:/a:mandriva:linux:libkdebase4-nsplugins", "p-cpe:/a:mandriva:linux:kdebase-progs", "p-cpe:/a:mandriva:linux:kdebase-common", "p-cpe:/a:mandriva:linux:libkdecore4-devel", "p-cpe:/a:mandriva:linux:kdebase-kate", "p-cpe:/a:mandriva:linux:libkdebase4-kate", "p-cpe:/a:mandriva:linux:lib64kdecore4", "p-cpe:/a:mandriva:linux:lib64kdebase4-kate", "p-cpe:/a:mandriva:linux:libkdebase4-devel", "p-cpe:/a:mandriva:linux:libkdecore4", "p-cpe:/a:mandriva:linux:kdebase-kdeprintfax"], "id": "MANDRAKE_MDKSA-2004-086.NASL", "href": "https://www.tenable.com/plugins/nessus/14335", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:086. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14335);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\", \"CVE-2004-0746\");\n script_xref(name:\"MDKSA\", value:\"2004:086\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were discovered in KDE that are corrected\nwith these update packages.\n\nThe integrity of symlinks used by KDE are not ensured and as a result\ncan be abused by local attackers to create or truncate arbitrary files\nor to prevent KDE applications from functioning correctly\n(CVE-2004-0689).\n\nThe DCOPServer creates temporary files in an insecure manner. These\ntemporary files are used for authentication-related purposes, so this\ncould potentially allow a local attacker to compromise the account of\nany user running a KDE application (CVE-2004-0690). Note that only KDE\n3.2.x is affected by this vulnerability.\n\nThe Konqueror web browser allows websites to load web pages into a\nframe of any other frame-based web page that the user may have open.\nThis could potentially allow a malicious website to make Konqueror\ninsert its own frames into the page of an otherwise trusted website\n(CVE-2004-0721).\n\nThe Konqueror web browser also allows websites to set cookies for\ncertain country-specific top-level domains. 
This can be done to make\nKonqueror send the cookies to all other web sites operating under the\nsame domain, which can be abused to become part of a session fixation\nattack. All country-specific secondary top-level domains that use more\nthan 2 characters in the secondary part of the domain name, and that\nuse a secondary part other than com, net, mil, org, gove, edu, or int\nare affected (CVE-2004-0746).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040811-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040811-2.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040811-3.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20040820-1.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kcontrol-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kdeprintfax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kdm-config-file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-kmenuedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-konsole\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-nsplugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdebase-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-kate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-kate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-kmenuedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-konsole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-kate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-kate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-kmenuedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-konsole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdebase4-nsplugins\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libkdebase4-nsplugins-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-common-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kate-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kcontrol-data-3.2-79.2.100mdk\", 
yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kdeprintfax-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kdm-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kdm-config-file-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-kmenuedit-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-konsole-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-nsplugins-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdebase-progs-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"kdelibs-common-3.2-36.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-kate-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-kate-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-kmenuedit-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-konsole-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-nsplugins-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-3.2-36.3.100mdk\", 
yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64kdecore4-devel-3.2-36.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-kate-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-kate-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-kmenuedit-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-konsole-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-nsplugins-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdebase4-nsplugins-devel-3.2-79.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-3.2-36.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2-36.3.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-common-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-kate-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-kdeprintfax-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-kdm-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-kdm-config-file-3.1.3-79.2.92mdk\", 
yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-konsole-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-nsplugins-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdebase-progs-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"kdelibs-common-3.1.3-35.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-kate-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-kate-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-konsole-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-nsplugins-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdecore4-3.1.3-35.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64kdecore4-devel-3.1.3-35.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-kate-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", 
reference:\"libkdebase4-kate-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-konsole-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-nsplugins-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdecore4-3.1.3-35.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libkdecore4-devel-3.1.3-35.3.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:16", "description": "New kdelibs and kdebase packages are available for Slackware 9.1,\n10.0, and -current to fix security issues.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "Slackware 10.0 / 9.1 / current : kde (SSA:2004-247-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0746", "CVE-2004-0690"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kdebase", "p-cpe:/a:slackware:slackware_linux:kdelibs", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2004-247-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-247-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18782);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0689\", \"CVE-2004-0690\", \"CVE-2004-0721\", \"CVE-2004-0746\");\n script_xref(name:\"SSA\", value:\"2004-247-01\");\n\n script_name(english:\"Slackware 10.0 / 9.1 / current : kde (SSA:2004-247-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kdelibs and kdebase packages are available for Slackware 9.1,\n10.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?910af434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdebase and / or kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kdebase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.1\", pkgname:\"kdebase\", pkgver:\"3.1.4\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"kdelibs\", pkgver:\"3.1.4\", pkgarch:\"i486\", pkgnum:\"3\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"kdebase\", pkgver:\"3.2.3\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"kdelibs\", pkgver:\"3.2.3\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"kdebase\", pkgver:\"3.2.3\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kdelibs\", pkgver:\"3.2.3\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0689", "CVE-2004-0690"], "description": "\nAccording to a KDE Security Advisory, KDE may sometimes\n\t create temporary files without properly checking the ownership\n\t and type of the target path.\tThis could allow a local\n\t attacker to cause KDE applications to overwrite arbitrary\n\t files.\n", "edition": 4, "modified": "2004-08-11T00:00:00", "published": "2004-08-11T00:00:00", "id": "603FE36D-EC9D-11D8-B913-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/603fe36d-ec9d-11d8-b913-000c41e2cdad.html", "title": "kdelibs insecure temporary file handling", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0721", "CVE-2004-0689", "CVE-2004-0690"], "description": "Three security advisories have been issued today for KDE. The first advisory \r\nconcerns the unsafe handling of KDE's temporary directory in certain \r\ncircumstances. The second advisory relates to the unsafe creation of \r\ntemporary files by KDE 3.2.x's dcopserver . The third advisory is about a \r\nframe injection vulnerability in Konqueror as earlier reported by Heise\r\nOnline and Secunia\r\n\r\nDistributions are expected to have updated binary packages available shortly. \r\nAll issues mentioned above have also been fixed in the KDE 3.3 Release \r\nCandidate 2 that was announced yesterday . The final release of KDE 3.3 is \r\nexpected later this month.\r\n\r\nCheers,\r\nWaldo\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nKDE Security Advisory: Temporary Directory Vulnerability\r\nOriginal Release Date: 2004-08-11\r\nURL: http://www.kde.org/info/security/advisory-20040811-1.txt\r\n\r\n0. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689\r\n\r\n\r\n1. 
Systems affected:\r\n\r\n All versions of KDE up to KDE 3.2.3 inclusive. \r\n\r\n\r\n2. Overview:\r\n\r\n The SUSE security team was alerted that in some cases the\r\n integrity of symlinks used by KDE are not ensured and that\r\n these symlinks can be pointing to stale locations. This can\r\n be abused by a local attacker to create or truncate arbitrary\r\n files or to prevent KDE applications from functioning\r\n correctly (Denial of Service).\r\n\r\n KDE creates in ~/.kde symlinks to a temporary directory, a socket\r\n directory and a cache directory. When a user logs into the KDE\r\n environment the startkde script ensures that these symlinks are\r\n present and point to directories that are owned by the user.\r\n However, when a user runs KDE applications outside the KDE\r\n environment or when a user runs a KDE applications as another user, \r\n such as root, the integrity of these symlinks is not checked and it\r\n is possible that a previously created but now stale symlinks exist.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CAN-2004-0689 to this issue.\r\n\r\n\r\n3. Impact:\r\n\r\n When a stale symlink is present a local attacker could create the\r\n directory that the symlink is pointing to with his own credentials\r\n to prevent access to this directory by KDE applications. This can\r\n prevent KDE applications from functioning correctly.\r\n\r\n When a stale symlink is present a local attacker could create the\r\n directory that the symlink is pointing to with his own credentials.\r\n Since KDE applications will attempt to create files with certain\r\n known names in this directory, an attacker can abuse this to overwrite\r\n arbitrary files with the privileges of the user.\r\n\r\n\r\n4. Solution:\r\n\r\n Source code patches have been made available which fix these\r\n vulnerabilities. 
Contact your OS vendor / binary package provider\r\n for information about how to obtain updated binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n Patches for KDE 3.0.5b are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n da950a651e69cd810019efce284120fc post-3.0.5b-kdelibs-kstandarddirs.patch\r\n\r\n Patches for KDE 3.1.5 are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n c97ab0cf014adb59e315047210316f5d post-3.1.5-kdelibs-kstandarddirs.patch\r\n\r\n Patches for KDE 3.2.3 are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n 345ce2e01cfdfa4754c47894c0271dcc post-3.2.3-kdelibs-kstandarddirs.patch\r\n\r\n\r\n6. Time line and credits:\r\n\r\n\r\n 23/06/2004 SUSE Security Team alerted by Andrew Tuitt\r\n 26/06/2004 Patches created\r\n 27/07/2004 Vendors notified\r\n 11/08/2004 Public advisory\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niD8DBQFBGioUN4pvrENfboIRAnALAJ9ynwVAnzRtkDghmItkkCTe8qu/eACfabZc\r\nX/9KZihVfSQKjOHvmvBOzv0=\r\n=VM4l\r\n-----END PGP SIGNATURE-----\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nKDE Security Advisory: DCOPServer Temporary Filename Vulnerability\r\nOriginal Release Date: 2004-08-11\r\nURL: http://www.kde.org/info/security/advisory-20040811-2.txt\r\n\r\n0. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690\r\n http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386\r\n\r\n1. Systems affected:\r\n\r\n KDE 3.2.x up to KDE 3.2.3 inclusive. \r\n\r\n\r\n2. Overview:\r\n\r\n The Debian project was alerted that KDE's DCOPServer creates\r\n temporary files in an insecure manner. 
Since the temporary\r\n files are used for authentication related purposes this can\r\n potentially allow a local attacker to compromise the account of\r\n any user which runs a KDE application.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CAN-2004-0690 to this issue.\r\n\r\n\r\n3. Impact:\r\n\r\n KDE's DCOPServer creates temporary files in an insecure manner.\r\n Since the temporary files are used for authentication related\r\n purposes this can potentially allow a local attacker to compromise\r\n the account of any user which runs a KDE application.\r\n \r\n\r\n4. Solution:\r\n\r\n Source code patches have been made available which fix these\r\n vulnerabilities. Contact your OS vendor / binary package provider\r\n for information about how to obtain updated binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n Patches for KDE 3.2.3 are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n 0046c691fa833b2ff8d7eac15312a68b post-3.2.3-kdelibs-dcopserver.patch\r\n\r\n\r\n6. Time line and credits:\r\n\r\n\r\n 25/07/2004 Debian Project alerted by Colin Phipps\r\n 26/07/2004 KDE Security team informed by Chris Cheney\r\n 26/07/2004 Patch created\r\n 27/07/2004 Vendors notified\r\n 11/08/2004 Public advisory\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niD8DBQFBGiosN4pvrENfboIRApSoAJ0S7zbgId9etA3EDrOv5dnFpSUU4wCfd2JK\r\nkHcL+tcXbrH971YcuoEleTQ=\r\n=VHci\r\n-----END PGP SIGNATURE-----\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nKDE Security Advisory: Konqueror Frame Injection Vulnerability\r\nOriginal Release Date: 2004-08-11\r\nURL: http://www.kde.org/info/security/advisory-20040811-3.txt\r\n\r\n0. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721\r\n http://secunia.com/advisories/11978/\r\n http://www.heise.de/newsticker/meldung/48793\r\n http://bugs.kde.org/show_bug.cgi?id=84352\r\n\r\n1. 
Systems affected:\r\n\r\n All versions of KDE up to KDE 3.2.3 inclusive. \r\n\r\n\r\n2. Overview:\r\n\r\n The Konqueror webbrowser allows websites to load webpages into\r\n a frame of any other frame-based webpage that the user may have open.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CAN-2004-0721 to this issue.\r\n\r\n\r\n3. Impact:\r\n\r\n A malicious website could abuse Konqueror to insert its own frames\r\n into the page of an otherwise trusted website. As a result the user\r\n may unknowingly send confidential information intended for the\r\n trusted website to the malicious website.\r\n \r\n\r\n4. Solution:\r\n\r\n Source code patches have been made available which fix these\r\n vulnerabilities. Contact your OS vendor / binary package provider\r\n for information about how to obtain updated binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n Patches for KDE 3.0.5b are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n aa3ac08a45851a1c33b2fcd435e1d514 post-3.0.5b-kdelibs-htmlframes.patch\r\n dc4dfff2df75d19e527368f56dc92abb post-3.0.5b-kdebase-htmlframes.patch\r\n\r\n Patches for KDE 3.1.5 are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n e6cebe1f93f7497d720018362077dcf7 post-3.1.5-kdelibs-htmlframes.patch\r\n caa562da0735deacba3ae9170f2bf18f post-3.1.5-kdebase-htmlframes.patch\r\n\r\n Patches for KDE 3.2.3 are available from\r\n ftp://ftp.kde.org/pub/kde/security_patches : \r\n\r\n 8384f2785295be7082d9984ba8e175eb post-3.2.3-kdelibs-htmlframes.patch\r\n a60fd1628607d4abdeb930662d126171 post-3.2.3-kdebase-htmlframes.patch\r\n\r\n\r\n6. 
Time line and credits:\r\n\r\n\r\n 01/07/2004 Secunia publishes security advisory\r\n 04/08/2004 Patches created\r\n 05/08/2004 Vendors notified\r\n 11/08/2004 Public advisory\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niD8DBQFBGioxN4pvrENfboIRAi+mAJ0WMjHog9VRHoDpPodNCwV0RhR0UQCeMNE/\r\nhjSS3bG2/H6ZeaD2VSm9hoI=\r\n=YE7B\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2004-08-12T00:00:00", "published": "2004-08-12T00:00:00", "id": "SECURITYVULNS:DOC:6606", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6606", "title": "KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:00", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0689", "CVE-2004-0690", "CVE-2004-0721", "CVE-2004-0746"], "description": "New kdelibs and kdebase packages are available for Slackware 9.1, 10.0,\nand -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746\n\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nFri Sep 3 13:13:09 PDT 2004\npatches/packages/kdebase-3.2.3-i486-2.tgz: Patched frame injection\n vulnerability in Konqueror. 
For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721\n (* Security fix *)\npatches/packages/kdelibs-3.2.3-i486-2.tgz: Patched unsafe temporary directory\n usage, cross-domain cookie injection vulnerability for certain country\n specific domains, and frame injection vulnerability in Konqueror.\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kdebase-3.1.4-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kdelibs-3.1.4-i486-3.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdebase-3.2.3-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdelibs-3.2.3-i486-2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdebase-3.2.3-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdelibs-3.2.3-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 packages:\n296fc0b2d31c5914b08ab54332312cf9 kdebase-3.1.4-i486-2.tgz\nc0de072389daeb6bd8a1cde2ed1dc8ef kdelibs-3.1.4-i486-3.tgz\n\nSlackware 10.0 packages:\n528edca97f8d6c412742fa8f817abd76 kdebase-3.2.3-i486-2.tgz\n8eabfa597ea805ceb457933d36e144be kdelibs-3.2.3-i486-2.tgz\n\nSlackware -current packages:\n528edca97f8d6c412742fa8f817abd76 kdebase-3.2.3-i486-2.tgz\n8eabfa597ea805ceb457933d36e144be kdelibs-3.2.3-i486-2.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kdebase-3.2.3-i486-2.tgz kdelibs-3.2.3-i486-2.tgz", "modified": "2004-09-04T05:01:35", "published": 
"2004-09-04T05:01:35", "id": "SSA-2004-247-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345", "type": "slackware", "title": "[slackware-security] kde", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}