Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:086: kdelibs/kdebase Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the kdelibs/kdebase package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:086 (kdelibs/kdebase).
A number of vulnerabilities were discovered in KDE that are corrected with these
update packages.
The integrity of symlinks used by KDE is not ensured, and as a result they can
be abused by local attackers to create or truncate arbitrary files or to prevent
KDE applications from functioning correctly (CVE-2004-0689).
The DCOPServer creates temporary files in an insecure manner. These temporary
files are used for authentication-related purposes, so this could potentially
allow a local attacker to compromise the account of any user running a KDE
application (CVE-2004-0690). Note that only KDE 3.2.x is affected by this
vulnerability.
The Konqueror web browser allows websites to load web pages into a frame of any
other frame-based web page that the user may have open. This could potentially
allow a malicious website to make Konqueror insert its own frames into the page
of an otherwise trusted website (CVE-2004-0721).
The Konqueror web browser also allows websites to set cookies for certain
country-specific top-level domains. This can be done to make Konqueror send the
cookies to all other web sites operating under the same domain, which can be
abused to become part of a session fixation attack. All country-specific
secondary top-level domains that use more than 2 characters in the secondary
part of the domain name, and that use a secondary part other than com, net, mil,
org, gov, edu, or int are affected (CVE-2004-0746).
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:086
Threat Level: High