Conectiva Local Security Checks : Conectiva Security Advisory CLA-2004:843

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51346

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2004:843

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2004:843.

KDE[1] is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

iDefense initially published[2] an advisory about a vulnerability[4]
in the Opera browser. After some auditing, the KDE development team
found out[3] that KDE has a similar vulnerability.

The telnet, rlogin, ssh and mailto URI handlers in KDE do not check
for '-' at the beginning of the hostname passed, which makes it
possible to pass an option to the programs started by the handlers.

KDE in Conetiva Linux 9, in addition to having these vulnerabilities
fixed, is also being upgraded to the 3.1.5 version to address other
problems not related to security.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:843
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 10358
Common Vulnerability Exposure (CVE) ID: CVE-2004-0411
http://www.securityfocus.com/bid/10358
Bugtraq: 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers (Google Search)
http://www.securityfocus.com/archive/1/363225
Bugtraq: 20040517 KDE Security Advisory: URI Handler Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=108481412427344&w=2
Computer Incident Advisory Center Bulletin: O-146
http://www.ciac.org/ciac/bulletins/o-146.shtml
Conectiva Linux advisory: CLA-2004:843
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
Debian Security Information: DSA-518 (Google Search)
http://www.debian.org/security/2004/dsa-518
http://www.securityfocus.com/advisories/6717
http://www.securityfocus.com/advisories/6743
http://security.gentoo.org/glsa/glsa-200405-11.xml
http://www.osvdb.org/6107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
http://www.redhat.com/support/errata/RHSA-2004-222.html
http://secunia.com/advisories/11602
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
SuSE Security Announcement: SuSE-SA:2003:014 (Google Search)
http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
XForce ISS Database: kde-url-handler-gain-access(16163)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16163

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51346
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:843
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:843. KDE[1] is a very popular graphical desktop environment available for GNU/Linux and other operating systems. iDefense initially published[2] an advisory about a vulnerability[4] in the Opera browser. After some auditing, the KDE development team found out[3] that KDE has a similar vulnerability. The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. KDE in Conetiva Linux 9, in addition to having these vulnerabilities fixed, is also being upgraded to the 3.1.5 version to address other problems not related to security. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:843 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 10358 Common Vulnerability Exposure (CVE) ID: CVE-2004-0411 http://www.securityfocus.com/bid/10358 Bugtraq: 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers (Google Search) http://www.securityfocus.com/archive/1/363225 Bugtraq: 20040517 KDE Security Advisory: URI Handler Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108481412427344&w=2 Computer Incident Advisory Center Bulletin: O-146 http://www.ciac.org/ciac/bulletins/o-146.shtml Conectiva Linux advisory: CLA-2004:843 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 Debian Security Information: DSA-518 (Google Search) http://www.debian.org/security/2004/dsa-518 http://www.securityfocus.com/advisories/6717 http://www.securityfocus.com/advisories/6743 http://security.gentoo.org/glsa/glsa-200405-11.xml http://www.osvdb.org/6107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 http://www.redhat.com/support/errata/RHSA-2004-222.html http://secunia.com/advisories/11602 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 SuSE Security Announcement: SuSE-SA:2003:014 (Google Search) http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html XForce ISS Database: kde-url-handler-gain-access(16163) https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com