English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-59
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 20 Oct 2003
 Last revised           : 20 Oct 2003

 Package : kdebase

 Summary : Two issues have been discovered in KDM

 More information :
    Privilege escalation with specific PAM modules.
    Session cookies generated by KDM are potentially insecure.

 Impact :
    The local users may be able to gain root privileges.
    The weak cookie generation may allow non-authorized users to guess the session cookie by
    a brute force attack.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 af04ccdf4ccf9720df849613b7c20866

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     16158716 f5e1c81fd4ead3e1bf05f66569b3114e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54350 f61ce9b68c463465ae5846f68879a24e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 ec056e9910b8715a716bce2a4596fe07

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     16157388 79f26858cec0b67cb83097baf35f7ea0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54264 0687ccf6695c7f0c79cfcbb709e90506

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 75b7decef759e4cd9682c40f1e439bc2

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     15775946 917d992f65ac098ce3cc785650c83655
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54281 7dada55383a049a4fd6c845a5013e7ea

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kdebase-2.2.2-16.src.rpm
     13104557 b2912df0daf619ae9277cb9305a64896

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kdebase-2.2.2-16.i586.rpm
     15761012 c99d88aa9a2a5a2c6915986c3c2ba9d0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kdebase-devel-2.2.2-16.i586.rpm
        54299 5f9a84f714168c3b846eca52328ef5e0


 References :

 KDE Security Advisory
   http://www.kde.org/info/security/advisory-20030916-1.txt

 CVE
   [CAN-2003-0690]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
   [CAN-2003-0692]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692


 --------------------------------------------------------------------------
 Revision History
    20 Oct 2003 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/k77NK0LzjOqIJMwRAg25AKCAaamBxrS5knbc/qw+3E4Jjx1TfQCeNsqQ
gikNJAdUtl3w8xUuFgRT8cA=
=0kkM
-----END PGP SIGNATURE-----



© 1998-2025 E-Soft Inc. All rights reserved.