CVE-2005-0365 - Unspecified vulnerability in KDE 3.2.X/3.3.X

Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200503-14.NASL
description: The remote host is affected by the vulnerability described in GLSA-200503-14 (KDE dcopidlng: Insecure temporary file creation). Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names. Impact: A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17288
published: 2005-03-08
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17288
title: GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200503-14.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(17288);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-0365");
  script_xref(name:"GLSA", value:"200503-14");

  script_name(english:"GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200503-14
(KDE dcopidlng: Insecure temporary file creation)

    Davide Madrisan has discovered that the dcopidlng script creates
    temporary files in a world-writable directory with predictable names.

Impact :

    A local attacker could create symbolic links in the temporary files
    directory, pointing to a valid file somewhere on the filesystem. When
    dcopidlng is executed, this would result in the file being overwritten
    with the rights of the user running the utility, which could be the
    root user.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200503-14"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kdelibs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/08");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"kde-base/kdelibs", unaffected:make_list("ge 3.3.2-r5", "rge 3.2.3-r7"), vulnerable:make_list("lt 3.3.2-r5"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "KDE dcopidlng");
}
```

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-244.NASL
description:
- Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.2.2-14.FC2 - Applied patch to fix DCOP DoS, CVE-2005-0396, #150090 thanks KDE security team
- Wed Feb 16 2005 Than Ngo <than at redhat.com> 3.2.2-13.FC2 - Applied patch to fix dcopidlng insecure temporary file usage, CVE-2005-0365, #148823

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18319
published: 2005-05-19
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18319
title: Fedora Core 2 : kdelibs-3.2.2-14.FC2 (2005-244)
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2005-244.
#

include("compat.inc");

if (description)
{
  script_id(18319);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2005-244");

  script_name(english:"Fedora Core 2 : kdelibs-3.2.2-14.FC2 (2005-244)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"  - Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.2.2-14.FC2

    - Applied patch to fix DCOP DoS, CVE-2005-0396, #150090
      thanks KDE security team

  - Wed Feb 16 2005 Than Ngo <than at redhat.com> 3.2.2-13.FC2

    - Applied patch to fix dcopidlng insecure temporary file
      usage, CVE-2005-0365, #148823

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2005-March/000791.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?78ce5371"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel
packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC2", reference:"kdelibs-3.2.2-14.FC2")) flag++;
if (rpm_check(release:"FC2", reference:"kdelibs-debuginfo-3.2.2-14.FC2")) flag++;
if (rpm_check(release:"FC2", reference:"kdelibs-devel-3.2.2-14.FC2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-debuginfo / kdelibs-devel");
}
```

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_29DD006581FA11D9A9E70001020EED82.NASL
description: Davide Madrisan reports : The `dcopidlng
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18881
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18881
title: FreeBSD : kdelibs -- insecure temporary file creation (29dd0065-81fa-11d9-a9e7-0001020eed82)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-045.NASL
description: A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email. As well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner. The updated packages are patched to deal with these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17140
published: 2005-02-18
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17140
title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2005-325.NASL
description: Updated kdelibs packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment.

The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0237 to this issue.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0396 to this issue.

A flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames which could allow local users to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0365 to this issue.

Users of KDE should upgrade to these erratum packages which contain backported patches to correct these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17625
published: 2005-03-25
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/17625
title: RHEL 4 : kdelibs (RHSA-2005:325)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-245.NASL
description:
- Wed Mar 23 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.9.FC3 - Applied patch to fix konqueror international domain name spoofing, CVE-2005-0237, #147405 - get rid of broken AltiVec instructions on ppc
- Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.8.FC3 - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092 thanks KDE security team
- Wed Feb 16 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.7.FC3 - Applied patch to fix dcopidlng insecure temporary file usage, CVE-2005-0365, #148823

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19631
published: 2005-09-12
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19631
title: Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-058.NASL
description: A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Protocol daemon (CVE-2005-0396).

As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237).

Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third-party KDE applications (CVE-2005-0365).

The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17346
published: 2005-03-17
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17346
title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)
Oval

| Field | Value |
|---|---|
| accepted | 2013-04-29T04:07:39.700-04:00 |
| class | vulnerability |
| contributors | |
| definition_extensions | |
| description | The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. |
| family | unix |
| id | oval:org.mitre.oval:def:10676 |
| status | accepted |
| submitted | 2010-07-09T03:56:16-04:00 |
| title | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. |
| version | 26 |
Redhat

| Field | Value |
|---|---|
| advisories | |
| rpms | |
References
- http://bugs.kde.org/show_bug.cgi?id=97608
- http://fedoranews.org/updates/FEDORA-2005-245.shtml
- http://marc.info/?l=bugtraq&m=110814653804757&w=2
- http://secunia.com/advisories/14254
- http://security.gentoo.org/glsa/glsa-200503-14.xml
- http://securitytracker.com/id?1013525
- http://www.kde.org/info/security/advisory-20050316-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
- http://www.redhat.com/support/errata/RHSA-2005-325.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10676