English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56443
Category:Fedora Local Security Checks
Title:Fedora Legacy Security Advisory FLSA-2006:178606
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory FLSA-2006:178606.

The International Domain Name (IDN) support in the Konqueror browser
allowed remote attackers to spoof domain names using punycode encoded
domain names. Such domain names are decoded in URLs and SSL certificates
in a way that uses homograph characters from other character sets, which
facilitates phishing attacks. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-0237 to this
issue.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon. A local user could use this flaw
to stall the DCOP authentication process, affecting any local desktop
users and causing a reduction in their desktop functionality. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0396 to this issue.

A buffer overflow was found in the kimgio library for KDE 3.4.0. An
attacker could create a carefully crafted PCX image in such a way that
it would cause kimgio to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1046 to this issue.

A flaw was discovered affecting Kate, the KDE advanced text editor, and
Kwrite. Depending on system settings, it may be possible for a local
user to read the backup files created by Kate or Kwrite. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-1920 to
this issue.

A heap overflow flaw was discovered affecting kjs, the JavaScript
interpreter engine used by Konqueror and other parts of KDE. An attacker
could create a malicious web site containing carefully crafted
JavaScript code that would trigger this flaw and possibly lead to
arbitrary code execution. The Common Vulnerabilities and Exposures
project assigned the name CVE-2006-0019 to this issue.

Users of KDE should upgrade to these erratum packages, which contain
backported patches to correct these issues.

Affected platforms:
Redhat 7.3
Redhat 9
Fedora Core 1
Fedora Core 2
Fedora Core 3

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2006:178606

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0237
12461
http://www.securityfocus.com/bid/12461
14162
http://secunia.com/advisories/14162
20050206 Re: state of homograph attacks
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
20050206 state of homograph attacks
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
FLSA:178606
http://www.securityfocus.com/archive/1/427976/100/0/threaded
MDKSA-2005:058
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
RHSA-2005:325
http://www.redhat.com/support/errata/RHSA-2005-325.html
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
multiple-browsers-idn-spoof(19236)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
oval:org.mitre.oval:def:10671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
Common Vulnerability Exposure (CVE) ID: CVE-2005-0396
12820
http://www.securityfocus.com/bid/12820
20050316 Multiple KDE Security Advisories (2005-03-16)
http://marc.info/?l=bugtraq&m=111099766716483&w=2
GLSA-200503-22
http://security.gentoo.org/glsa/glsa-200503-22.xml
RHSA-2005:307
http://www.redhat.com/support/errata/RHSA-2005-307.html
http://www.kde.org/info/security/advisory-20050316-1.txt
oval:org.mitre.oval:def:10432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10432
Common Vulnerability Exposure (CVE) ID: CVE-2005-1046
BugTraq ID: 13096
http://www.securityfocus.com/bid/13096
Debian Security Information: DSA-714 (Google Search)
http://www.debian.org/security/2005/dsa-714
http://bugs.kde.org/show_bug.cgi?id=102328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5802
http://www.redhat.com/support/errata/RHSA-2005-393.html
http://secunia.com/advisories/14908
http://secunia.com/advisories/28114
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
SuSE Security Announcement: SUSE-SA:2005:022 (Google Search)
http://www.novell.com/linux/security/advisories/2005_22_kdelibs3.html
http://www.vupen.com/english/advisories/2005/0331
http://www.vupen.com/english/advisories/2007/4241
Common Vulnerability Exposure (CVE) ID: CVE-2005-1920
1014512
http://securitytracker.com/id?1014512
14297
http://www.securityfocus.com/bid/14297
16099
http://secunia.com/advisories/16099
20050718 [KDE Security Advisory]: Kate backup file permission leak
http://marc.info/?l=bugtraq&m=112171434023679&w=2
23099
http://secunia.com/advisories/23099
DSA-804
http://www.debian.org/security/2005/dsa-804
GLSA-200611-21
http://security.gentoo.org/glsa/glsa-200611-21.xml
RHSA-2005:612
http://www.redhat.com/support/errata/RHSA-2005-612.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.kde.org/info/security/advisory-20050718-1.txt
oval:org.mitre.oval:def:9434
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434
Common Vulnerability Exposure (CVE) ID: CVE-2006-0019
1015512
http://securitytracker.com/id?1015512
16325
http://www.securityfocus.com/bid/16325
18500
http://secunia.com/advisories/18500
18540
http://secunia.com/advisories/18540
18552
http://secunia.com/advisories/18552
18559
http://secunia.com/advisories/18559
18561
http://secunia.com/advisories/18561
18570
http://secunia.com/advisories/18570
18583
http://secunia.com/advisories/18583
18899
http://secunia.com/advisories/18899
20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
http://www.securityfocus.com/archive/1/422464/100/0/threaded
22659
http://www.osvdb.org/22659
364
http://securityreason.com/securityalert/364
ADV-2006-0265
http://www.vupen.com/english/advisories/2006/0265
DSA-948
http://www.debian.org/security/2006/dsa-948
GLSA-200601-11
http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml
MDKSA-2006:019
http://www.mandriva.com/security/advisories?name=MDKSA-2006:019
RHSA-2006:0184
http://www.redhat.com/support/errata/RHSA-2006-0184.html
SSA:2006-045-05
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107
SUSE-SA:2006:003
http://www.securityfocus.com/archive/1/422489/100/0/threaded
USN-245-1
http://www.ubuntu.com/usn/usn-245-1
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
http://www.kde.org/info/security/advisory-20060119-1.txt
kde-kjs-bo(24242)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24242
oval:org.mitre.oval:def:11858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.