English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.50567
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2004:086 (kdelibs/kdebase)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to kdelibs/kdebase
announced via advisory MDKSA-2004:086.

A number of vulnerabilities were discovered in KDE that are corrected
with these update packages.

The integrity of symlinks used by KDE are not ensured and as a result
can be abused by local attackers to create or truncate arbitrary files
or to prevent KDE applications from functioning correctly
(CVE-2004-0689).

The DCOPServer creates temporary files in an insecure manner. These
temporary files are used for authentication-related purposes, so this
could potentially allow a local attacker to compromise the account of
any user running a KDE application (CVE-2004-0690). Note that only
KDE 3.2.x is affected by this vulnerability.

The Konqueror web browser allows websites to load web pages into a
frame of any other frame-based web page that the user may have open.
This could potentially allow a malicious website to make Konqueror
insert its own frames into the page of an otherwise trusted website
(CAN-02004-0721).

The Konqueror web browser also allows websites to set cookies for
certain country-specific top-level domains. This can be done to
make Konqueror send the cookies to all other web sites operating
under the same domain, which can be abused to become part of a
session fixation attack. All country-specific secondary top-level
domains that use more than 2 characters in the secondary part of the
domain name, and that use a secondary part other than com, net, mil,
org, gove, edu, or int are affected (CVE-2004-0746).

Affected versions: 10.0, 9.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0746
http://www.kde.org/info/security/advisory-20040811-1.txt
http://www.kde.org/info/security/advisory-20040811-2.txt
http://www.kde.org/info/security/advisory-20040811-3.txt
http://www.kde.org/info/security/advisory-20040820-1.txt

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0689
Bugtraq: 20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=109225538901170&w=2
Conectiva Linux advisory: CLA-2004:864
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Debian Security Information: DSA-539 (Google Search)
http://www.debian.org/security/2004/dsa-539
http://security.gentoo.org/glsa/glsa-200408-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334
http://secunia.com/advisories/12276/
XForce ISS Database: kde-application-symlink(16963)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
Common Vulnerability Exposure (CVE) ID: CVE-2004-0690
BugTraq ID: 10924
http://www.securityfocus.com/bid/10924
CERT/CC vulnerability note: VU#330638
http://www.kb.cert.org/vuls/id/330638
http://www.mandriva.com/security/advisories?name=MDKSA-2004:086
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
http://secunia.com/advisories/12276
XForce ISS Database: kde-dcopserver-symlink(16962)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16962
Common Vulnerability Exposure (CVE) ID: CVE-2004-0746
BugTraq ID: 10991
http://www.securityfocus.com/bid/10991
Bugtraq: 20040823 KDE Security Advisory: Konqueror Cross-Domain Cookie Injection (Google Search)
http://marc.info/?l=bugtraq&m=109327681304401&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
http://secunia.com/advisories/12341
XForce ISS Database: kde-konqueror-cookie-set(17063)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Common Vulnerability Exposure (CVE) ID: CVE-2004-0721
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11371
http://secunia.com/advisories/11978
XForce ISS Database: http-frame-spoof(1598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.