CVE-2005-0237 - Unspecified vulnerability in KDE and Konqueror

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, kde, nessus

Summary

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Configurations

Part         Description   Count
Application  Kde           1
OS           Kde           1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2005_022.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2005:022 (kdelibs3). Several vulnerabilities have been identified and fixed in the KDE desktop environment. - A buffer overflow via specially crafted PCX pictures was fixed. This could lead to a remote attacker being able to execute code as the user opening or viewing a PCX image. This PCX image could have been embedded within a web page or Email. This affects SUSE Linux 9.1 up to 9.3, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9. - The IDN domain name cloaking problem was fixed. A remote website could disguise its name as another potentially trusted site by using an extension originally meant for non-ASCII domain names by using
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18014
    published: 2005-04-12
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18014
    title: SUSE-SA:2005:022: kdelibs3
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:022
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(18014);
     script_version ("1.11");
     script_cve_id("CVE-2005-0237", "CVE-2005-0396");
     
     name["english"] = "SUSE-SA:2005:022: kdelibs3";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:022 (kdelibs3).
    
    
    Several vulnerabilities have been identified and fixed in the KDE
    desktop environment.
    
    - A buffer overflow via specially crafted PCX pictures was fixed.
    
    This could lead to a remote attacker being able to execute code
    as the user opening or viewing a PCX image. This PCX image could
    have been embedded within a web page or Email.
    
    This affects SUSE Linux 9.1 up to 9.3, SUSE Linux Enterprise Server
    9 and Novell Linux Desktop 9.
    
    
    - The IDN domain name cloaking problem was fixed.
    
    A remote website could disguise its name as another potentially
    trusted site by using an extension originally meant for non-ASCII
    domain names by using 'homographs' which look exactly like other
    letters.
    
    The fix used by KDE is to only use homographs for trusted domains.
    It is disabled by default for the .net, .com and .org domains.
    
    This issue exists in SUSE Linux 9.1 and 9.2, SUSE Linux Enterprise
    Server 9 and Novell Linux Desktop 9.  It has been assigned the
    Mitre CVE ID  CVE-2005-0233.
    
    
    - A denial of service attack against the DCOP service was fixed.
    
    A local user could cause another user's KDE session to visibly hang
    by writing bad data to the world-writable DCOP socket. The socket
    has been made writable only for the user itself.
    
    This was found by Sebastian Krahmer of SUSE Security.
    
    This affects all SUSE Linux versions, except SUSE Linux 9.3.
    Updates for SUSE Linux up to 9.0 and SUSE Linux Enterprise Server
    8 are not included for this minor issue. They will be included
    should a later security update for different issues be necessary.
    
    This is tracked by the Mitre CVE ID CVE-2005-0396.
    
    Additionally, the following bug was fixed:
    
    - A possible race in the DNS resolver causing unresolved hosts in rare
    cases was fixed.  This only affected SUSE Linux 9.3." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_22_kdelibs3.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/12");
      script_cvs_date("Date: 2019/10/25 13:36:28");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the kdelibs3 package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"kdelibs3-3.2.1-44.46", release:"SUSE9.1") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"kdelibs3-3.3.0-34.5", release:"SUSE9.2") )
    {
     security_warning(0);
     exit(0);
    }
    if ( rpm_check( reference:"kdelibs3-3.4.0-20.3", release:"SUSE9.3") )
    {
     security_warning(0);
     exit(0);
    }
    if (rpm_exists(rpm:"kdelibs3-", release:"SUSE9.1")
     || rpm_exists(rpm:"kdelibs3-", release:"SUSE9.2")
     || rpm_exists(rpm:"kdelibs3-", release:"SUSE9.3") )
    {
     set_kb_item(name:"CVE-2005-0237", value:TRUE);
     set_kb_item(name:"CVE-2005-0396", value:TRUE);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-325.NASL
    description: Updated kdelibs packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment. The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0237 to this issue. Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0396 to this issue. A flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames which could allow local users to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0365 to this issue. Users of KDE should upgrade to these erratum packages which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17625
    published: 2005-03-25
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17625
    title: RHEL 4 : kdelibs (RHSA-2005:325)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:325. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17625);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-0237", "CVE-2005-0365", "CVE-2005-0396");
      script_xref(name:"RHSA", value:"2005:325");
    
      script_name(english:"RHEL 4 : kdelibs (RHSA-2005:325)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kdelibs packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kdelibs package provides libraries for the K Desktop Environment.
    
    The International Domain Name (IDN) support in the Konqueror browser
    allowed remote attackers to spoof domain names using punycode encoded
    domain names. Such domain names are decoded in URLs and SSL
    certificates in a way that uses homograph characters from other
    character sets, which facilitates phishing attacks. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0237 to this issue.
    
    Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
    Communication Protocol (DCOP) daemon. A local user could use this flaw
    to stall the DCOP authentication process, affecting any local desktop
    users and causing a reduction in their desktop functionality. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0396 to this issue.
    
    A flaw in the dcopidlng script was discovered. The dcopidlng script
    would create temporary files with predictable filenames which could
    allow local users to overwrite arbitrary files via a symlink attack.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0365 to this issue.
    
    Users of KDE should upgrade to these erratum packages which contain
    backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0396"
      );
      # http://www.kde.org/info/security/advisory-20050316-3.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20050316-3.txt"
      );
      # http://www.kde.org/info/security/advisory-20050316-2.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20050316-2.txt"
      );
      # http://www.kde.org/info/security/advisory-20050316-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20050316-1.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:325"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kdelibs and / or kdelibs-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:325";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"kdelibs-3.3.1-3.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kdelibs-devel-3.3.1-3.6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-devel");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-245.NASL
    description: - Wed Mar 23 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.9.FC3 - Applied patch to fix konqueror international domain name spoofing, CVE-2005-0237, #147405 - get rid of broken AltiVec instructions on ppc - Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.8.FC3 - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092 thanks KDE security team - Wed Feb 16 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.7.FC3 - Applied patch to fix dcopidlng insecure temporary file usage, CVE-2005-0365, #148823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19631
    published: 2005-09-12
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19631
    title: Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-245.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19631);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2005-0365");
      script_xref(name:"FEDORA", value:"2005-245");
    
      script_name(english:"Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Wed Mar 23 2005 Than Ngo <than at redhat.com>
        6:3.3.1-2.9.FC3
    
      - Applied patch to fix konqueror international domain name
        spoofing, CVE-2005-0237, #147405
    
      - get rid of broken AltiVec instructions on ppc
    
      - Wed Mar 2 2005 Than Ngo <than at redhat.com>
        6:3.3.1-2.8.FC3
    
      - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092
        thanks KDE security team
    
      - Wed Feb 16 2005 Than Ngo <than at redhat.com>
        6:3.3.1-2.7.FC3
    
      - Applied patch to fix dcopidlng insecure temporary file
        usage, CVE-2005-0365, #148823
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-March/000793.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?52f23b2e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"kdelibs-3.3.1-2.9.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"kdelibs-debuginfo-3.3.1-2.9.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"kdelibs-devel-3.3.1-2.9.FC3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-debuginfo / kdelibs-devel");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-058.NASL
    description: A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Protocol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third-party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17346
    published: 2005-03-17
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17346
    title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:058. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17346);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2005-0233", "CVE-2005-0237", "CVE-2005-0365", "CVE-2005-0396");
      script_xref(name:"MDKSA", value:"2005:058");
    
      script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in dcopserver was discovered by Sebastian Krahmer of
    the SUSE security team. A local user can lock up the dcopserver of
    other users on the same machine by stalling the DCOP authentication
    process, causing a local Denial of Service. dcopserver is the KDE
    Desktop Communication Protocol daemon (CVE-2005-0396).
    
    As well, the IDN (International Domain Names) support in Konqueror is
    vulnerable to a phishing technique known as a Homograph attack. This
    attack is made possible due to IDN allowing a website to use a wide
    range of international characters that have a strong resemblance to
    other characters. This can be used to trick users into thinking they
    are on a different trusted site when they are in fact on a site mocked
    up to look legitimate using these other characters, known as
    homographs. This can be used to trick users into providing personal
    information to a site they think is trusted (CVE-2005-0237).
    
    Finally, it was found that the dcopidlng script was vulnerable to
    symlink attacks, potentially allowing a local user to overwrite
    arbitrary files of a user when the script is run on behalf of that
    user. However, this script is only used as part of the build process
    of KDE itself and may also be used by the build processes of third-
    party KDE applications (CVE-2005-0365).
    
    The updated packages are patched to deal with these issues and
    Mandrakesoft encourages all users to upgrade immediately."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.kde.org/info/security/advisory-20050316-1.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.kde.org/info/security/advisory-20050316-2.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.kde.org/info/security/advisory-20050316-3.txt"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"kdelibs-common-3.2-36.12.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-3.2-36.12.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-devel-3.2-36.12.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-3.2-36.12.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-devel-3.2-36.12.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", reference:"kdelibs-common-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-devel-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-devel-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted: 2013-04-29T04:07:36.938-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
family: unix
id: oval:org.mitre.oval:def:10671
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
version: 26

Redhat

advisories
rhsa
id: RHSA-2005:325
rpms
  • kdelibs-6:3.3.1-3.6
  • kdelibs-debuginfo-6:3.3.1-3.6
  • kdelibs-devel-6:3.3.1-3.6