 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50365 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 2 FEDORA-2004-122 (kdelibs) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to kdelibs announced via advisory FEDORA-2004-122. Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). Update Information: iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to this issue. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b271936a42f0370877996f52b25d7304 SRPMS/kdelibs-3.2.2-6.src.rpm 1f002c97bebde36e11f8ebaa8dd49ceb i386/kdelibs-3.2.2-6.i386.rpm fcdb0589544dbc9d878dd99c890429a8 i386/kdelibs-devel-3.2.2-6.i386.rpm 853897fa6815cc47ae2bf92c3352847b i386/debug/kdelibs-debuginfo-3.2.2-6.i386.rpm b2174cd0c744138b24364cccfbf50847 x86_64/kdelibs-3.2.2-6.x86_64.rpm 795aa24e391b667a5b2fb79cb8d4230f x86_64/kdelibs-devel-3.2.2-6.x86_64.rpm e95f633ef222198d8cbb8be067773fae x86_64/debug/kdelibs-debuginfo-3.2.2-6.x86_64.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-122.shtml Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
BugTraq ID: 10358 Common Vulnerability Exposure (CVE) ID: CVE-2004-0411 http://www.securityfocus.com/bid/10358 Bugtraq: 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers (Google Search) http://www.securityfocus.com/archive/1/363225 Bugtraq: 20040517 KDE Security Advisory: URI Handler Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108481412427344&w=2 Computer Incident Advisory Center Bulletin: O-146 http://www.ciac.org/ciac/bulletins/o-146.shtml Conectiva Linux advisory: CLA-2004:843 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 Debian Security Information: DSA-518 (Google Search) http://www.debian.org/security/2004/dsa-518 http://www.securityfocus.com/advisories/6717 http://www.securityfocus.com/advisories/6743 http://security.gentoo.org/glsa/glsa-200405-11.xml http://www.osvdb.org/6107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 http://www.redhat.com/support/errata/RHSA-2004-222.html http://secunia.com/advisories/11602 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 SuSE Security Announcement: SuSE-SA:2003:014 (Google Search) http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html XForce ISS Database: kde-url-handler-gain-access(16163) https://exchange.xforce.ibmcloud.com/vulnerabilities/16163 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |