Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:160: kdebase Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kdebase package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:160 (kdebase).
Ilja van Sprundel from suresec.org notified the KDE security team about a
serious lock file handling error in kcheckpass that can, in some
configurations, be used to gain root access.
In order for an exploit to succeed, the directory /var/lock has to be writeable
for a user that is allowed to invoke kcheckpass.
The updated packages have been patched to correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:160
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.