Slackware Local Security Checks : Slackware: Security Advisory (SSA:2004-014-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53949

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2004-014-01)

Resumen: The remote host is missing an update for the 'kdepim' package(s) announced via the SSA:2004-014-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kdepim' package(s) announced via the SSA:2004-014-01 advisory.

Vulnerability Insight:
New kdepim packages are available for Slackware 9.0 and 9.1 to
fix a security issue with .VCF file handling. For Slackware -current,
a complete upgrade to kde-3.1.5 is available.

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Jan 14 11:58:58 PST 2004
patches/packages/kdepim-3.1.4-i486-2.tgz: Recompiled with security patch
post-3.1.4-kdepim-kfile-plugins.diff. From the KDE advisory:

The KDE team has found a buffer overflow in the file information reader
of VCF files. A carefully crafted .VCF file potentially enables local
attackers to compromise the privacy of a victim's data or execute
arbitrary commands with the victim's privileges.
By default, file information reading is disabled for remote files.
However, if previews are enabled for remote files, remote attackers may
be able to compromise the victim's account.

For more details, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'kdepim' package(s) on Slackware 9.0, Slackware 9.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0988
BugTraq ID: 9419
http://www.securityfocus.com/bid/9419
Bugtraq: 20040114 KDE Security Advisory: VCF file information reader vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=107412130407906&w=2
CERT/CC vulnerability note: VU#820798
http://www.kb.cert.org/vuls/id/820798
Conectiva Linux advisory: CLA-2004:810
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
http://security.gentoo.org/glsa/glsa-200404-02.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865
http://www.redhat.com/support/errata/RHSA-2004-005.html
http://www.redhat.com/support/errata/RHSA-2004-006.html
XForce ISS Database: kde-kdepim-bo(14833)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14833

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53949
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2004-014-01)
Resumen:	The remote host is missing an update for the 'kdepim' package(s) announced via the SSA:2004-014-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kdepim' package(s) announced via the SSA:2004-014-01 advisory. Vulnerability Insight: New kdepim packages are available for Slackware 9.0 and 9.1 to fix a security issue with .VCF file handling. For Slackware -current, a complete upgrade to kde-3.1.5 is available. Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed Jan 14 11:58:58 PST 2004 patches/packages/kdepim-3.1.4-i486-2.tgz: Recompiled with security patch post-3.1.4-kdepim-kfile-plugins.diff. From the KDE advisory: The KDE team has found a buffer overflow in the file information reader of VCF files. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. By default, file information reading is disabled for remote files. However, if previews are enabled for remote files, remote attackers may be able to compromise the victim's account. For more details, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'kdepim' package(s) on Slackware 9.0, Slackware 9.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0988 BugTraq ID: 9419 http://www.securityfocus.com/bid/9419 Bugtraq: 20040114 KDE Security Advisory: VCF file information reader vulnerability (Google Search) http://marc.info/?l=bugtraq&m=107412130407906&w=2 CERT/CC vulnerability note: VU#820798 http://www.kb.cert.org/vuls/id/820798 Conectiva Linux advisory: CLA-2004:810 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810 http://security.gentoo.org/glsa/glsa-200404-02.xml http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865 http://www.redhat.com/support/errata/RHSA-2004-005.html http://www.redhat.com/support/errata/RHSA-2004-006.html XForce ISS Database: kde-kdepim-bo(14833) https://exchange.xforce.ibmcloud.com/vulnerabilities/14833
Copyright	Copyright (C) 2012 Greenbone AG