Vulnerability Name: KDE Insecure Temporary Directory Symlink Vulnerability
Published Date: 2004-08-11
Updated Date: 2004-08-23
CVE Number: CAN-2004-0689
Bugtraq ID: 10922
Vulnerable:
Gentoo Linux 1.4
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 3.0.1
KDE KDE 3.0.2
+ MandrakeSoft Linux Mandrake 8.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ MandrakeSoft Linux Mandrake 9.0
KDE KDE 3.0.4
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 7.3 i386
+ RedHat Linux 8.0 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux 8.2
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.3
KDE KDE 3.1.4
KDE KDE 3.1.5
KDE KDE 3.2
KDE KDE 3.2.1
KDE KDE 3.2.2
+ KDE KDE 3.2.2
KDE KDE 3.2.3
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
Not Vulnerable:
Description:
KDE is reported to contain a temporary directory symlink vulnerability. This vulnerability is due to improper validation of the ownership of temporary directories.
Local attackers can cause KDE applications to fail, denying service to users, or to overwrite arbitrary files with the privileges of the target user. Privilege escalation may be possible.
Source patches have been made available by KDE to resolve this issue.
Vendor Status: Have Patches.
Solution:
KDE KDE 3.0:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.1:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.2:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.3 a:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.3:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.4:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.5 b:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.5 a:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.0.5:
KDE Patch post-3.0.5b-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-kstandarddirs.patch
KDE KDE 3.1:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.1.1 a:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.1.1:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.1.2:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.1.3:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
Mandrake Upgrade kdebase-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-common-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdecore4-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
KDE KDE 3.1.4:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.1.5:
KDE Patch post-3.1.5-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-kstandarddirs.patch
KDE KDE 3.2:
Mandrake Upgrade kdebase-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdecore4-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
KDE KDE 3.2.1:
KDE Patch post-3.2.3-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch
KDE KDE 3.2.2:
KDE Patch post-3.2.3-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch
KDE KDE 3.2.3:
KDE Patch post-3.2.3-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch