Vulnerabilities > CVE-2004-0690 - Unspecified vulnerability in KDE 3.2.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
kde
nessus
NVD
Published: 2004-09-28
Updated: 2024-11-20

Summary

The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.

Vulnerable Configurations

Part Description Count
OS
Kde
1

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-247-01.NASL
    descriptionNew kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id18782
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18782
    titleSlackware 10.0 / 9.1 / current : kde (SSA:2004-247-01)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_603FE36DEC9D11D8B913000C41E2CDAD.NASL
    descriptionAccording to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files.
    last seen2020-06-01
    modified2020-06-02
    plugin id24307
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24307
    titleFreeBSD : kdelibs insecure temporary file handling (603fe36d-ec9d-11d8-b913-000c41e2cdad)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-086.NASL
    descriptionA number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE are not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CVE-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CVE-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CVE-2004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gove, edu, or int are affected (CVE-2004-0746).
    last seen2020-06-01
    modified2020-06-02
    plugin id14335
    published2004-08-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14335
    titleMandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

References