Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:045 (kdelibs)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51710

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:045 (kdelibs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to kdelibs
announced via advisory MDKSA-2005:045.

A bug in the way kioslave handles URL-encoded newline (%0a)
characters before the FTP command was discovered. Because of this, it
is possible that a specially crafted URL could be used to execute any
ftp command on a remote server, or even send unsolicited email.

As well, Davide Madrisan discovered that dcopidlng created temporary
files in an insecure manner.

The updated packages are patched to deal with these issues.

Affected versions: 10.0, 10.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1165
http://www.kde.org/info/security/advisory-20050101-1.txt
http://bugs.kde.org/show_bug.cgi?id=97608

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1165
Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection (Google Search)
http://marc.info/?l=bugtraq&m=110245752232681&w=2
Debian Security Information: DSA-631 (Google Search)
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645
http://www.redhat.com/support/errata/RHSA-2005-009.html
http://www.redhat.com/support/errata/RHSA-2005-065.html
XForce ISS Database: web-browser-ftp-command-execution(18384)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51710
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:045 (kdelibs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdelibs announced via advisory MDKSA-2005:045. A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email. As well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner. The updated packages are patched to deal with these issues. Affected versions: 10.0, 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1165 http://www.kde.org/info/security/advisory-20050101-1.txt http://bugs.kde.org/show_bug.cgi?id=97608 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1165 Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection (Google Search) http://marc.info/?l=bugtraq&m=110245752232681&w=2 Debian Security Information: DSA-631 (Google Search) http://www.debian.org/security/2005/dsa-631 http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645 http://www.redhat.com/support/errata/RHSA-2005-009.html http://www.redhat.com/support/errata/RHSA-2005-065.html XForce ISS Database: web-browser-ftp-command-execution(18384) https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com