Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:058 (kdelibs)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 61204 CVE Beschreibungen und 32582 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51892

Kategorie: Mandrake Local Security Checks

Titel: Mandrake Security Advisory MDKSA-2005:058 (kdelibs)

Zusammenfassung: Mandrake Security Advisory MDKSA-2005:058 (kdelibs)

Beschreibung:
The remote host is missing an update to kdelibs
announced via advisory MDKSA-2005:058.

A vulnerability in dcopserver was discovered by Sebastian Krahmer of
the SUSE security team. A local user can lock up the dcopserver of
other users on the same machine by stalling the DCOP authentication
process, causing a local Denial of Service. dcopserver is the KDE
Desktop Communication Procotol daemon (CVE-2005-0396).

As well, the IDN (International Domain Names) support in Konqueror is
vulnerable to a phishing technique known as a Homograph attack. This
attack is made possible due to IDN allowing a website to use a wide
range of international characters that have a strong resemblance to
other characters. This can be used to trick users into thinking they
are on a different trusted site when they are in fact on a site mocked
up to look legitimate using these other characters, known as
homographs. This can be used to trick users into providing personal
information to a site they think is trusted (CVE-2005-0237).

Finally, it was found that the dcopidlng script was vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files of a user when the script is run on behalf of that
user. However, this script is only used as part of the build process
of KDE itself and may also be used by the build processes of third-
party KDE applications (CVE-2005-0365).

The updated packages are patched to deal with these issues and
Mandrakesoft encourages all users to upgrade immediately.

Affected versions: 10.0, 10.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058
http://www.kde.org/info/security/advisory-20050316-1.txt
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.kde.org/info/security/advisory-20050316-3.txt

Risk factor : Medium

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-0396
Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=111099766716483&w=2
http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
http://security.gentoo.org/glsa/glsa-200503-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-307.html
http://www.redhat.com/support/errata/RHSA-2005-325.html
BugTraq ID: 12820
http://www.securityfocus.com/bid/12820
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10432
Common Vulnerability Exposure (CVE) ID: CVE-2005-0237
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
BugTraq ID: 12461
http://www.securityfocus.com/bid/12461
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10671
http://secunia.com/advisories/14162
XForce ISS Database: multiple-browsers-idn-spoof(19236)
http://xforce.iss.net/xforce/xfdb/19236
Common Vulnerability Exposure (CVE) ID: CVE-2005-0365
Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2
http://fedoranews.org/updates/FEDORA-2005-245.shtml
http://security.gentoo.org/glsa/glsa-200503-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10676
http://securitytracker.com/id?1013525
http://secunia.com/advisories/14254

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.51892
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2005:058 (kdelibs)
Zusammenfassung:	Mandrake Security Advisory MDKSA-2005:058 (kdelibs)
Beschreibung:	The remote host is missing an update to kdelibs announced via advisory MDKSA-2005:058. A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Procotol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third- party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately. Affected versions: 10.0, 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058 http://www.kde.org/info/security/advisory-20050316-1.txt http://www.kde.org/info/security/advisory-20050316-2.txt http://www.kde.org/info/security/advisory-20050316-3.txt Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0396 Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=111099766716483&w=2 http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded http://security.gentoo.org/glsa/glsa-200503-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 http://www.redhat.com/support/errata/RHSA-2005-307.html http://www.redhat.com/support/errata/RHSA-2005-325.html BugTraq ID: 12820 http://www.securityfocus.com/bid/12820 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10432 Common Vulnerability Exposure (CVE) ID: CVE-2005-0237 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt BugTraq ID: 12461 http://www.securityfocus.com/bid/12461 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10671 http://secunia.com/advisories/14162 XForce ISS Database: multiple-browsers-idn-spoof(19236) http://xforce.iss.net/xforce/xfdb/19236 Common Vulnerability Exposure (CVE) ID: CVE-2005-0365 Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2 http://fedoranews.org/updates/FEDORA-2005-245.shtml http://security.gentoo.org/glsa/glsa-200503-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10676 http://securitytracker.com/id?1013525 http://secunia.com/advisories/14254
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com