GLSA Bodhisattva
Joined: 13 Jun 2003 Posts: 4087 Location: Dresden, Germany
|
Posted: Thu Aug 12, 2004 9:51 pm Post subject: [ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issue |
|
|
Gentoo Linux Security Advisory
Title: kdebase, kdelibs: Multiple security issues (GLSA 200408-13)
Severity: normal
Exploitable: remote and local
Date: August 12, 2004
Bug(s): #60068
ID: 200408-13
Synopsis
KDE contains three security issues that can allow an attacker to compromise
system accounts, cause a Denial of Service, or spoof websites via frame
injection.
Background
KDE is a powerful Free Software graphical desktop environment for Linux and
Unix-like Operating Systems.
Affected Packages
Package: kde-base/kdebase
Vulnerable: < 3.2.3-r1
Unaffected: >= 3.2.3-r1
Architectures: All supported architectures
Package: kde-base/kdelibs
Vulnerable: < 3.2.3-r1
Unaffected: >= 3.2.3-r1
Architectures: All supported architectures
Description
KDE contains three security issues:
- Insecure handling of temporary files when running KDE applications
outside of the KDE environment - DCOPServer creates temporary files in an insecure manner
- The Konqueror browser allows websites to load webpages into a target
frame of any other open frame-based webpage
Impact
An attacker could exploit these vulnerabilities to create or overwrite
files with the permissions of another user, compromise the account of users
running a KDE application and insert arbitrary frames into an otherwise
trusted webpage.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of kdebase.
Resolution
All KDE users should upgrade to the latest versions of kdelibs and kdebase:
Code: | # emerge sync
# emerge -pv ">=kde-base/kdebase-3.2.3-r1"
# emerge ">=kde-base/kdebase-3.2.3-r1"
# emerge -pv ">=kde-base/kdelibs-3.2.3-r1"
# emerge ">=kde-base/kdelibs-3.2.3-r1" |
References
KDE Advisory: Temporary Directory Vulnerability
KDE Advisory: DCOPServer Temporary Filename Vulnerability
KDE Advisory: Konqueror Frame Injection Vulnerability
Last edited by GLSA on Sun Oct 12, 2014 4:17 am; edited 9 times in total |
|