FreeBSD Local Security Checks : FreeBSD Ports: kdelibs

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52423

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: kdelibs

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: kdelibs

CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links
point to 'stale' locations, which could allow local users to create or
truncate arbitrary files.

CVE-2004-0690
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain
unauthorized access via a symlink attack on DCOP files in the /tmp
directory.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.kde.org/info/security/advisory-20040811-1.txt
http://www.kde.org/info/security/advisory-20040811-2.txt
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch
http://www.vuxml.org/freebsd/603fe36d-ec9d-11d8-b913-000c41e2cdad.html

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0689
Bugtraq: 20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=109225538901170&w=2
Conectiva Linux advisory: CLA-2004:864
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Debian Security Information: DSA-539 (Google Search)
http://www.debian.org/security/2004/dsa-539
http://security.gentoo.org/glsa/glsa-200408-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334
http://secunia.com/advisories/12276/
XForce ISS Database: kde-application-symlink(16963)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
Common Vulnerability Exposure (CVE) ID: CVE-2004-0690
BugTraq ID: 10924
http://www.securityfocus.com/bid/10924
CERT/CC vulnerability note: VU#330638
http://www.kb.cert.org/vuls/id/330638
http://www.mandriva.com/security/advisories?name=MDKSA-2004:086
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
http://secunia.com/advisories/12276
XForce ISS Database: kde-dcopserver-symlink(16962)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16962

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52423
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: kdelibs
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: kdelibs CVE-2004-0689 KDE before 3.3.0 does not properly handle when certain symbolic links point to 'stale' locations, which could allow local users to create or truncate arbitrary files. CVE-2004-0690 The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. Solution: Update your system with the appropriate patches or software upgrades. http://www.kde.org/info/security/advisory-20040811-1.txt http://www.kde.org/info/security/advisory-20040811-2.txt ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch http://www.vuxml.org/freebsd/603fe36d-ec9d-11d8-b913-000c41e2cdad.html CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0689 Bugtraq: 20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=109225538901170&w=2 Conectiva Linux advisory: CLA-2004:864 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 Debian Security Information: DSA-539 (Google Search) http://www.debian.org/security/2004/dsa-539 http://security.gentoo.org/glsa/glsa-200408-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 http://secunia.com/advisories/12276/ XForce ISS Database: kde-application-symlink(16963) https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 Common Vulnerability Exposure (CVE) ID: CVE-2004-0690 BugTraq ID: 10924 http://www.securityfocus.com/bid/10924 CERT/CC vulnerability note: VU#330638 http://www.kb.cert.org/vuls/id/330638 http://www.mandriva.com/security/advisories?name=MDKSA-2004:086 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386 http://secunia.com/advisories/12276 XForce ISS Database: kde-dcopserver-symlink(16962) https://exchange.xforce.ibmcloud.com/vulnerabilities/16962
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com