CVE-2005-0754

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, kde, conectiva, gentoo, redhat, ubuntu, nessus

Summary

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200504-23.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200504-23 (Kommander: Insecure remote script execution). Kommander executes data files from possibly untrusted locations without user confirmation. Impact: An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18126
    published: 2005-04-25
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18126
    title: GLSA-200504-23 : Kommander: Insecure remote script execution
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-115-1.NASL
    description: Eckhart Worner discovered that Kommander opens files from remote and possibly untrusted locations without user confirmation. Since Kommander files can contain scripts, this would allow an attacker to execute arbitrary code with the privileges of the user opening the file. The updated Kommander will not automatically open files from remote locations, and files which do not end with
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20503
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20503
    title: Ubuntu 5.04 : kdewebdev vulnerability (USN-115-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_91F1ADC7B3E911D9A7880001020EED82.NASL
    description: A KDE Security Advisory reports: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. Impact: Remotely supplied kommander files from untrusted sources are executed without confirmation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19032
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19032
    title: FreeBSD : kdewebdev -- kommander untrusted code execution vulnerability (91f1adc7-b3e9-11d9-a788-0001020eed82)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-345.NASL
    description:
      - Wed Apr 27 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.1
        - apply patch to fix CVE-2005-0754, Kommander untrusted code execution, thanks to KDE security team
      - Mon Oct 18 2004 Than Ngo <than at redhat.com> 6:3.3.1-2
        - rebuilt
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62257
    published: 2012-09-24
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62257
    title: Fedora Core 3 : kdewebdev-3.3.1-2.1 (2005-345)