Test ID:	1.3.6.1.4.1.25623.1.0.50318
Category:	Fedora Local Security Checks
Title:	Fedora Core 1 FEDORA-2004-121 (kdelibs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kdelibs announced via advisory FEDORA-2004-121. Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). Update Information: iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to this issue. * Sun May 16 2004 Than Ngo 6:3.1.4-5 - KDE Telnet URI Handler File Vulnerability, vulnerability in the mailto handler, CVE-2004-0411 This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 17ef612d8376994d49d775e65f7cf3e2 SRPMS/kdelibs-3.1.4-5.src.rpm 67043b7db880bd1c5a6f6a860e357c3f i386/kdelibs-3.1.4-5.i386.rpm 4d7004becf7fb55a35530c49e77c36b7 i386/kdelibs-devel-3.1.4-5.i386.rpm d2ecc5a35193a30df1fa70bb382bc708 i386/debug/kdelibs-debuginfo-3.1.4-5.i386.rpm 7b91158e81b7291826d5ba614179d706 x86_64/kdelibs-3.1.4-5.x86_64.rpm 6a213815b2584be92ec32da05a985cba x86_64/kdelibs-devel-3.1.4-5.x86_64.rpm b136d3d183e72666f6f56e6a507c10f3 x86_64/debug/kdelibs-debuginfo-3.1.4-5.x86_64.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-121.shtml Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 10358 Common Vulnerability Exposure (CVE) ID: CVE-2004-0411 http://www.securityfocus.com/bid/10358 Bugtraq: 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers (Google Search) http://www.securityfocus.com/archive/1/363225 Bugtraq: 20040517 KDE Security Advisory: URI Handler Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108481412427344&w=2 Computer Incident Advisory Center Bulletin: O-146 http://www.ciac.org/ciac/bulletins/o-146.shtml Conectiva Linux advisory: CLA-2004:843 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 Debian Security Information: DSA-518 (Google Search) http://www.debian.org/security/2004/dsa-518 http://www.securityfocus.com/advisories/6717 http://www.securityfocus.com/advisories/6743 http://security.gentoo.org/glsa/glsa-200405-11.xml http://www.osvdb.org/6107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 http://www.redhat.com/support/errata/RHSA-2004-222.html http://secunia.com/advisories/11602 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 SuSE Security Announcement: SuSE-SA:2003:014 (Google Search) http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html XForce ISS Database: kde-url-handler-gain-access(16163) https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.