English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51360
Category:Conectiva Local Security Checks
Title:Conectiva Security Advisory CLA-2004:864
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory CLA-2004:864.

KDE[1] is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

This announcement fixes the following vulnerabilities:

1. Use of predictable directory names (CVE-2004-0689[2])

As discovered by Andrew Tuitt, KDE's usage of predictable directory
names could be used by a local attacker to cause a denial of service,
even allowing file overwritting.

2. Use of insecure temporary files (CVE-2004-0690[3])

KDE's DCOPServer created temporary files in an insecure manner. Since
this temporary files are used for authentication related purposes
this could potentially allow a local attacker to compromise the
account of any user which runs a KDE application.

3. Cookie injection in Konqueror (CVE-2004-0746[4])

WESTPOINT internet reconnaissance services alerted the KDE security
team that the KDE web browser Konqueror allowed websites to set
cookies for certain country specific secondary top level domains and
that it could be used as a part of a session fixation attack.

4. Frame injection in Konqueror (CVE-2004-0721[5])

A frame injection vulnerability was found by Gary McKay first on a
Mozilla browser but it also affected KDE's browser, Konqueror. A
malicious website could use this to load arbitrary content in an
arbitrary frame in any other browser window.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.kde.org
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0721
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:864
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0689
Bugtraq: 20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=109225538901170&w=2
Conectiva Linux advisory: CLA-2004:864
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Debian Security Information: DSA-539 (Google Search)
http://www.debian.org/security/2004/dsa-539
http://security.gentoo.org/glsa/glsa-200408-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334
http://secunia.com/advisories/12276/
XForce ISS Database: kde-application-symlink(16963)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
Common Vulnerability Exposure (CVE) ID: CVE-2004-0690
BugTraq ID: 10924
http://www.securityfocus.com/bid/10924
CERT/CC vulnerability note: VU#330638
http://www.kb.cert.org/vuls/id/330638
http://www.mandriva.com/security/advisories?name=MDKSA-2004:086
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
http://secunia.com/advisories/12276
XForce ISS Database: kde-dcopserver-symlink(16962)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16962
Common Vulnerability Exposure (CVE) ID: CVE-2004-0746
BugTraq ID: 10991
http://www.securityfocus.com/bid/10991
Bugtraq: 20040823 KDE Security Advisory: Konqueror Cross-Domain Cookie Injection (Google Search)
http://marc.info/?l=bugtraq&m=109327681304401&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
http://secunia.com/advisories/12341
XForce ISS Database: kde-konqueror-cookie-set(17063)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Common Vulnerability Exposure (CVE) ID: CVE-2004-0721
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11371
http://secunia.com/advisories/11978
XForce ISS Database: http-frame-spoof(1598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.