KDE DCOPServer Insecure Temporary File Creation Vulnerability
2004-09-09 14:48:49 Marketing Dept

Vulnerability Name: KDE DCOPServer Insecure Temporary File Creation Vulnerability

Published Date:  2004-08-11
Updated Date:  2004-08-23
CVE Number: CAN-2004-0690
Bugtraq ID: 10924
Vulnerable:
Gentoo Linux 1.4
KDE KDE 3.2
KDE KDE 3.2.1
KDE KDE 3.2.2
   + KDE KDE 3.2.2
KDE KDE 3.2.3
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
Not Vulnerable:

Description:
KDE's DCOPServer is reported to contain an insecure temporary file creation vulnerability. This is due to the use of the mktemp() function.

Since temporary files are used by the DCOP daemon for authentication purposes, a local attacker may be able to exploit this vulnerability to compromise the account of a targeted user running KDE.

A local attacker may also be able to exploit this vulnerability to carry out symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack.

KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this vulnerability.
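
Added example (not part of the original advisory and not KDE's code): a C sketch of why the mktemp() pattern is unsafe and what exclusive creation changes. It models the pattern (name chosen first, file opened in a separate step) without calling mktemp() itself; the directory and file names are hypothetical and the scenario is constructed inside a private mkdtemp() directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern behind mktemp(): the name is chosen first and opened later without
 * O_EXCL, so whatever is at that path by then (even a symlink) gets opened. */
static int open_predicted_name(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Exclusive create: fails with EEXIST if anything, symlink included, exists. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory. Returns a bitmask:
 * 1 = non-exclusive open truncated the link target, 2 = O_EXCL refused the
 * pre-existing link, 4 = mkstemp() produced a new regular file with mode 0600. */
int demo_tempfile_creation(void) {
    char dir[] = "/tmp/dcop-demo-XXXXXX";   /* hypothetical demo path */
    char target[64], name[64], tmpl[64];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/predicted", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safe-XXXXXX", dir);
    fd = open_exclusive(target);            /* file standing in for user data */
    if (fd < 0 || write(fd, "data", 4) != 4 || close(fd) != 0) return -1;
    if (symlink(target, name) != 0) return -1;  /* link already at the name */

    fd = open_exclusive(name);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_predicted_name(name);
    if (fd >= 0 && close(fd) == 0 && stat(target, &st) == 0 && st.st_size == 0)
        result |= 1;

    fd = mkstemp(tmpl);                     /* name chosen and created atomically */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(name); unlink(target); rmdir(dir);
    return result;
}
```

When auditing code for this class of bug, look for mktemp(), tmpnam() or tempnam() followed by an open() or fopen() that lacks O_EXCL.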

Vendor Status: Have Patches.
Solution:
KDE KDE 3.2:
Mandrake Upgrade kdebase-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdecore4-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
KDE KDE 3.2.1:
KDE Patch post-3.2.3-kdelibs-dcopserver.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch
KDE KDE 3.2.2:
KDE Patch post-3.2.3-kdelibs-dcopserver.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch
KDE KDE 3.2.3:
KDE Patch post-3.2.3-kdelibs-dcopserver.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch


Editor: Marketing Dept
®2004 Information Security One (China) Ltd. All rights reserved | Privacy Policy | Legal Notice