Test ID: 1.3.6.1.4.1.25623.1.0.51346
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2004:843
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2004:843.

KDE[1] is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

iDefense initially published[2] an advisory about a vulnerability[4]
in the Opera browser. After some auditing, the KDE development team
found out[3] that KDE has a similar vulnerability.

The telnet, rlogin, ssh and mailto URI handlers in KDE do not check
for '-' at the beginning of the hostname passed, which makes it
possible to pass an option to the programs started by the handlers.

KDE in Conectiva Linux 9, in addition to having these vulnerabilities
fixed, is also being upgraded to version 3.1.5 to address other
problems not related to security.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:843
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score: 7.5

Cross-references:
BugTraq ID: 10358
Common Vulnerability Exposure (CVE) ID: CVE-2004-0411
http://www.securityfocus.com/bid/10358
Bugtraq: 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
http://www.securityfocus.com/archive/1/363225
Bugtraq: 20040517 KDE Security Advisory: URI Handler Vulnerabilities
http://marc.info/?l=bugtraq&m=108481412427344&w=2
Computer Incident Advisory Center Bulletin: O-146
http://www.ciac.org/ciac/bulletins/o-146.shtml
Conectiva Linux advisory: CLA-2004:843
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
Debian Security Information: DSA-518
http://www.debian.org/security/2004/dsa-518
http://www.securityfocus.com/advisories/6717
http://www.securityfocus.com/advisories/6743
http://security.gentoo.org/glsa/glsa-200405-11.xml
http://www.osvdb.org/6107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
http://www.redhat.com/support/errata/RHSA-2004-222.html
http://secunia.com/advisories/11602
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
SuSE Security Announcement: SuSE-SA:2003:014
http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
XForce ISS Database: kde-url-handler-gain-access(16163)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.