Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51892 |
Categoría: | Mandrake Local Security Checks |
Título: | Mandrake Security Advisory MDKSA-2005:058 (kdelibs) |
Resumen: | NOSUMMARY |
Descripción: | Description: The remote host is missing an update to kdelibs announced via advisory MDKSA-2005:058. A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Procotol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third- party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately. Affected versions: 10.0, 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058 http://www.kde.org/info/security/advisory-20050316-1.txt http://www.kde.org/info/security/advisory-20050316-2.txt http://www.kde.org/info/security/advisory-20050316-3.txt Risk factor : Medium CVSS Score: 5.0 |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0396 BugTraq ID: 12820 http://www.securityfocus.com/bid/12820 Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search) http://marc.info/?l=bugtraq&m=111099766716483&w=2 http://www.securityfocus.com/archive/1/427976/100/0/threaded http://security.gentoo.org/glsa/glsa-200503-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10432 http://www.redhat.com/support/errata/RHSA-2005-307.html http://www.redhat.com/support/errata/RHSA-2005-325.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0237 BugTraq ID: 12461 http://www.securityfocus.com/bid/12461 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671 http://secunia.com/advisories/14162 XForce ISS Database: multiple-browsers-idn-spoof(19236) https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 Common Vulnerability Exposure (CVE) ID: CVE-2005-0365 Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search) http://marc.info/?l=bugtraq&m=110814653804757&w=2 http://fedoranews.org/updates/FEDORA-2005-245.shtml http://security.gentoo.org/glsa/glsa-200503-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10676 http://securitytracker.com/id?1013525 http://secunia.com/advisories/14254 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |