
Test ID: 1.3.6.1.4.1.25623.1.0.51892
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:058 (kdelibs)
Summary: Mandrake Security Advisory MDKSA-2005:058 (kdelibs)
Description:
The remote host is missing an update to kdelibs
announced via advisory MDKSA-2005:058.

A vulnerability in dcopserver was discovered by Sebastian Krahmer of
the SUSE security team. A local user can lock up the dcopserver of
other users on the same machine by stalling the DCOP authentication
process, causing a local Denial of Service. dcopserver is the KDE
Desktop Communication Protocol daemon (CVE-2005-0396).

As well, the IDN (International Domain Names) support in Konqueror is
vulnerable to a phishing technique known as a Homograph attack. This
attack is made possible due to IDN allowing a website to use a wide
range of international characters that have a strong resemblance to
other characters. This can be used to trick users into thinking they
are on a different trusted site when they are in fact on a site mocked
up to look legitimate using these other characters, known as
homographs. This can be used to trick users into providing personal
information to a site they think is trusted (CVE-2005-0237).

Finally, it was found that the dcopidlng script was vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files of a user when the script is run on behalf of that
user. However, this script is only used as part of the build process
of KDE itself and may also be used by the build processes of third-
party KDE applications (CVE-2005-0365).

The updated packages are patched to deal with these issues and
Mandrakesoft encourages all users to upgrade immediately.

Affected versions: 10.0, 10.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:058
http://www.kde.org/info/security/advisory-20050316-1.txt
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.kde.org/info/security/advisory-20050316-3.txt

Risk factor : Medium
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0396
Bugtraq: 20050316 Multiple KDE Security Advisories (2005-03-16) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=111099766716483&w=2
http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
http://security.gentoo.org/glsa/glsa-200503-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-307.html
http://www.redhat.com/support/errata/RHSA-2005-325.html
BugTraq ID: 12820
http://www.securityfocus.com/bid/12820
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10432
Common Vulnerability Exposure (CVE) ID: CVE-2005-0237
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
BugTraq ID: 12461
http://www.securityfocus.com/bid/12461
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10671
http://secunia.com/advisories/14162
XForce ISS Database: multiple-browsers-idn-spoof(19236)
http://xforce.iss.net/xforce/xfdb/19236
Common Vulnerability Exposure (CVE) ID: CVE-2005-0365
Bugtraq: 20050211 insecure temporary file creation in kdelibs 3.3.2 (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2
http://fedoranews.org/updates/FEDORA-2005-245.shtml
http://security.gentoo.org/glsa/glsa-200503-14.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10676
http://securitytracker.com/id?1013525
http://secunia.com/advisories/14254
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
