Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:058 (kdelibs)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51892

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:058 (kdelibs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to kdelibs
announced via advisory MDKSA-2005:058.

A vulnerability in dcopserver was discovered by Sebastian Krahmer of
the SUSE security team. A local user can lock up the dcopserver of
other users on the same machine by stalling the DCOP authentication
process, causing a local Denial of Service. dcopserver is the KDE
Desktop Communication Procotol daemon (CVE-2005-0396).

As well, the IDN (International Domain Names) support in Konqueror is
vulnerable to a phishing technique known as a Homograph attack. This
attack is made possible due to IDN allowing a website to use a wide
range of international characters that have a strong resemblance to
other characters. This can be used to trick users into thinking they
are on a different trusted site when they are in fact on a site mocked
up to look legitimate using these other characters, known as
homographs. This can be used to trick users into providing personal
information to a site they think is trusted (CVE-2005-0237).

Finally, it was found that the dcopidlng script was vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files of a user when the script is run on behalf of that
user. However, this script is only used as part of the build process
of KDE itself and may also be used by the build processes of third-
party KDE applications (CVE-2005-0365).

The updated packages are patched to deal with these issues and
Mandrakesoft encourages all users to upgrade immediately.

Affected versions: 10.0, 10.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058
http://www.kde.org/info/security/advisory-20050316-1.txt
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.kde.org/info/security/advisory-20050316-3.txt

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0396
BugTraq ID: 12820
http://www.securityfocus.com/bid/12820
Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search)
http://marc.info/?l=bugtraq&m=111099766716483&w=2
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://security.gentoo.org/glsa/glsa-200503-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10432
http://www.redhat.com/support/errata/RHSA-2005-307.html
http://www.redhat.com/support/errata/RHSA-2005-325.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0237
BugTraq ID: 12461
http://www.securityfocus.com/bid/12461
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
http://secunia.com/advisories/14162
XForce ISS Database: multiple-browsers-idn-spoof(19236)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
Common Vulnerability Exposure (CVE) ID: CVE-2005-0365
Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search)
http://marc.info/?l=bugtraq&m=110814653804757&w=2
http://fedoranews.org/updates/FEDORA-2005-245.shtml
http://security.gentoo.org/glsa/glsa-200503-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10676
http://securitytracker.com/id?1013525
http://secunia.com/advisories/14254

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51892
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:058 (kdelibs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdelibs announced via advisory MDKSA-2005:058. A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Procotol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third- party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately. Affected versions: 10.0, 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058 http://www.kde.org/info/security/advisory-20050316-1.txt http://www.kde.org/info/security/advisory-20050316-2.txt http://www.kde.org/info/security/advisory-20050316-3.txt Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0396 BugTraq ID: 12820 http://www.securityfocus.com/bid/12820 Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search) http://marc.info/?l=bugtraq&m=111099766716483&w=2 http://www.securityfocus.com/archive/1/427976/100/0/threaded http://security.gentoo.org/glsa/glsa-200503-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10432 http://www.redhat.com/support/errata/RHSA-2005-307.html http://www.redhat.com/support/errata/RHSA-2005-325.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0237 BugTraq ID: 12461 http://www.securityfocus.com/bid/12461 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671 http://secunia.com/advisories/14162 XForce ISS Database: multiple-browsers-idn-spoof(19236) https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 Common Vulnerability Exposure (CVE) ID: CVE-2005-0365 Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search) http://marc.info/?l=bugtraq&m=110814653804757&w=2 http://fedoranews.org/updates/FEDORA-2005-245.shtml http://security.gentoo.org/glsa/glsa-200503-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10676 http://securitytracker.com/id?1013525 http://secunia.com/advisories/14254
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com