Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2004:086: kdelibs/kdebase Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the kdelibs/kdebase package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:086 (kdelibs/kdebase).

A number of vulnerabilities were discovered in KDE that are corrected with these
update packages.
The integrity of symlinks used by KDE are not ensured and as a result can be
abused by local attackers to create or truncate arbitrary files or to prevent
KDE applications from functioning correctly (CVE-2004-0689).
The DCOPServer creates temporary files in an insecure manner. These temporary
files are used for authentication-related purposes, so this could potentially
allow a local attacker to compromise the account of any user running a KDE
application (CVE-2004-0690). Note that only KDE 3.2.x is affected by this
The Konqueror web browser allows websites to load web pages into a frame of any
other frame-based web page that the user may have open. This could potentially
allow a malicious website to make Konqueror insert its own frames into the page
of an otherwise trusted website (CVE-2004-0721).
The Konqueror web browser also allows websites to set cookies for certain
country-specific top-level domains. This can be done to make Konqueror send the
cookies to all other web sites operating under the same domain, which can be
abused to become part of a session fixation attack. All country-specific
secondary top-level domains that use more than 2 characters in the secondary
part of the domain name, and that use a secondary part other than com, net, mil,
org, gove, edu, or int are affected (CVE-2004-0746).

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.