CVE-2005-0078

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, low complexity, debian, kde, redhat, nessus

Summary

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-660.NASL
    description: Raphael Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16262
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16262
    title: Debian DSA-660-1 : kdebase - missing return value check
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-009.NASL
    description: Updated kdelib and kdebase packages that resolve several security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1158 to this issue. A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0078 to this issue. All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16366
    published: 2005-02-10
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/16366
    title: RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2005:009)

Oval

accepted: 2013-04-29T04:18:37.274-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
family: unix
id: oval:org.mitre.oval:def:9260
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
version: 26

Redhat

advisories:
  rhsa:
    id: RHSA-2005:009
rpms:
  • kdebase-6:3.1.3-5.8
  • kdebase-debuginfo-6:3.1.3-5.8
  • kdebase-devel-6:3.1.3-5.8
  • kdelibs-6:3.1.3-6.9
  • kdelibs-debuginfo-6:3.1.3-6.9
  • kdelibs-devel-6:3.1.3-6.9