Test ID: 1.3.6.1.4.1.25623.1.0.51462
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:747
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:747.

KDE is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

This update includes fixes for several vulnerabilities in the KDE
versions distributed with Conectiva Linux:

- Konqueror Referrer Leaking Website Authentication Credentials[1].
- KDM privilege escalation with specific PAM modules[3].
- KDM weak session cookies[3].
- PS/PDF file handling vulnerability[6]. (Conectiva Linux 8 only)*

* A previous announcement[8] (CLSA-2003:668) has already included the
fixes for Conectiva Linux 9.

Please note that the KDE packages for Conectiva Linux 8 are being
updated to version 3.0.5b[9], with added patches for the first two
aforementioned vulnerabilities. In the case of Conectiva Linux 9,
only the affected packages are being updated (with patches).

KDE users on Conectiva Linux 7.0 are also vulnerable to these
issues and to a Konqueror Embedded SSL vulnerability[10]. It is
recommended that these users upgrade to Conectiva Linux 8 or
Conectiva Linux 9, which contain several improvements for desktop
users.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

[1] http://www.kde.org/info/security/advisory-20030729-1.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0459
[3] http://www.kde.org/info/security/advisory-20030916-1.txt
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0690
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0692
[6] http://www.kde.org/info/security/advisory-20030409-1.txt
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0204
[8] http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000668&idioma=en
[9] http://www.kde.org/info/3.0.5b.php
[10] http://www.kde.org/info/security/advisory-20030602-1.txt
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Critical

CVSS Score: 10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0459
Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)
http://marc.info/?l=bugtraq&m=105986238428061&w=2
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-361
http://www.debian.org/security/2003/dsa-361
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
TurboLinux Advisory: TLSA-2003-45
http://www.turbolinux.com/security/TLSA-2003-45.txt
Common Vulnerability Exposure (CVE) ID: CVE-2003-0690
Bugtraq: 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
http://marc.info/?l=bugtraq&m=106374551513499&w=2
Debian Security Information: DSA-388
http://www.debian.org/security/2003/dsa-388
Debian Security Information: DSA-443
http://www.debian.org/security/2004/dsa-443
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193
http://www.redhat.com/support/errata/RHSA-2003-270.html
http://www.redhat.com/support/errata/RHSA-2003-286.html
http://www.redhat.com/support/errata/RHSA-2003-287.html
http://www.redhat.com/support/errata/RHSA-2003-288.html
http://www.redhat.com/support/errata/RHSA-2003-289.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
Common Vulnerability Exposure (CVE) ID: CVE-2003-0204
Bugtraq: 20030410 GLSA: kde-3.x (200304-04)
http://marc.info/?l=bugtraq&m=105001557020141&w=2
Bugtraq: 20030411 GLSA: kde-2.x (200304-05)
http://marc.info/?l=bugtraq&m=105012994719099&w=2
Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12
http://marc.info/?l=bugtraq&m=105017403010459&w=2
Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1)
http://marc.info/?l=bugtraq&m=105034222521369&w=2
Conectiva Linux advisory: CLA-2003:668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Debian Security Information: DSA-284
http://www.debian.org/security/2003/dsa-284
Debian Security Information: DSA-293
http://www.debian.org/security/2003/dsa-293
Debian Security Information: DSA-296
http://www.debian.org/security/2003/dsa-296
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.