Test ID: 1.3.6.1.4.1.25623.1.0.51462
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:747
Summary: Conectiva Security Advisory CLA-2003:747
Description:
The remote host is missing updates announced in
advisory CLA-2003:747.

KDE is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

This update includes fixes for several vulnerabilities in the KDE
versions distributed with Conectiva Linux:

- Konqueror Referrer Leaking Website Authentication Credentials[1].
- KDM privilege escalation with specific PAM modules[3].
- KDM weak session cookies[3].
- PS/PDF file handling vulnerability[6]. (Conectiva Linux 8 only)*

* A previous announcement[8] (CLSA-2003:668) has already included the
fixes for Conectiva Linux 9.

Please note that the KDE packages for Conectiva Linux 8 are being
updated to version 3.0.5b[9], with patches added for the first two
aforementioned vulnerabilities. In the case of Conectiva Linux 9,
only the affected packages are being updated (with patches).

KDE users on Conectiva Linux 7.0 are also vulnerable to these
issues and to a Konqueror Embedded SSL vulnerability[10]. It is
recommended that these users upgrade to Conectiva Linux 8 or
Conectiva Linux 9, which contain several improvements for desktop
users.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

1. http://www.kde.org/info/security/advisory-20030729-1.txt
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0459
3. http://www.kde.org/info/security/advisory-20030916-1.txt
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0690
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0692
6. http://www.kde.org/info/security/advisory-20030409-1.txt
7. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0204
8. http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000668&idioma=en
9. http://www.kde.org/info/3.0.5b.php
10. http://www.kde.org/info/security/advisory-20030602-1.txt
11. http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:747
12. http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Critical
Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2003-0459
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
TurboLinux Advisory: TLSA-2003-45
http://www.turbolinux.com/security/TLSA-2003-45.txt
Debian Security Information: DSA-361
http://www.debian.org/security/2003/dsa-361
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)
http://marc.theaimsgroup.com/?l=bugtraq&m=105986238428061&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:411

Common Vulnerability Exposure (CVE) ID: CVE-2003-0690
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
Bugtraq: 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
http://marc.theaimsgroup.com/?l=bugtraq&m=106374551513499&w=2
Debian Security Information: DSA-388
http://www.debian.org/security/2003/dsa-388
Debian Security Information: DSA-443
http://www.debian.org/security/2004/dsa-443
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://www.redhat.com/support/errata/RHSA-2003-270.html
http://www.redhat.com/support/errata/RHSA-2003-286.html
http://www.redhat.com/support/errata/RHSA-2003-289.html
http://www.redhat.com/support/errata/RHSA-2003-287.html
http://www.redhat.com/support/errata/RHSA-2003-288.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:193

Common Vulnerability Exposure (CVE) ID: CVE-2003-0692
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:215

Common Vulnerability Exposure (CVE) ID: CVE-2003-0204
Debian Security Information: DSA-284
http://www.debian.org/security/2003/dsa-284
Debian Security Information: DSA-293
http://www.debian.org/security/2003/dsa-293
Debian Security Information: DSA-296
http://www.debian.org/security/2003/dsa-296
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html
Conectiva Linux advisory: CLA-2003:668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Bugtraq: 20030410 GLSA: kde-3.x (200304-04)
http://marc.theaimsgroup.com/?l=bugtraq&m=105001557020141&w=2
Bugtraq: 20030411 GLSA: kde-2.x (200304-05)
http://marc.theaimsgroup.com/?l=bugtraq&m=105012994719099&w=2
Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1)
http://marc.theaimsgroup.com/?l=bugtraq&m=105034222521369&w=2
Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12
http://marc.theaimsgroup.com/?l=bugtraq&m=105017403010459&w=2
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
