4 matches found
CAN-2005-0205
CVE-2005-0205 is a local privilege issue in KDE’s kppp component within the kdenetwork package. The vulnerability stems from a design flaw where kppp leaks privileged file descriptors before exec, allowing a local attacker to read/write privileged descriptors and subsequently modify /etc/hosts or...
Debian DSA-692-1 : kdenetwork - design flaw
The KDE team fixed a bug in kppp in 2002 which was now discovered to be exploitable by iDEFENSE. By opening a sufficiently large number of file descriptors before executing kppp which is installed setuid root a local attacker is able to take over privileged file descriptors. %NASLMINLEVEL 70300 C...
RHEL 2.1 / 3 : kdenetwork (RHSA-2005:175)
Updated kdenetwork packages that fix a file descriptor leak are now available. This update has been rated as having low security impact by the Red Hat Security Response Team The kdenetwork packages contain a collection of networking applications for the K Desktop Environment. A bug was found in t...
CVE-2005-0205
CVE-2005-0205 affects KPPP 2.1.2 and earlier within KDE 3.1.5 and earlier. The issue is a local privilege problem where a setuid-root kppp can fail to close a privileged domain-socket file descriptor when wrappers are not used, enabling a local attacker to read/write /etc/hosts and /etc/resolv.co...