CVE-2005-0754
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
OS | | 1 |
OS | | 8 |
OS | | 1 |
OS | | 5 |
Nessus
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200504-23.NASL
description: The remote host is affected by the vulnerability described in GLSA-200504-23 (Kommander: Insecure remote script execution). Kommander executes data files from possibly untrusted locations without user confirmation. Impact: An attacker could exploit this to execute arbitrary code with the permissions of the user running Kommander. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18126
published: 2005-04-25
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18126
title: GLSA-200504-23 : Kommander: Insecure remote script execution

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-115-1.NASL
description: Eckhart Worner discovered that Kommander opens files from remote and possibly untrusted locations without user confirmation. Since Kommander files can contain scripts, this would allow an attacker to execute arbitrary code with the privileges of the user opening the file. The updated Kommander will not automatically open files from remote locations, and files which do not end with
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20503
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20503
title: Ubuntu 5.04 : kdewebdev vulnerability (USN-115-1)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_91F1ADC7B3E911D9A7880001020EED82.NASL
description: A KDE Security Advisory reports: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. Impact: Remotely supplied kommander files from untrusted sources are executed without confirmation.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19032
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19032
title: FreeBSD : kdewebdev -- kommander untrusted code execution vulnerability (91f1adc7-b3e9-11d9-a788-0001020eed82)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-345.NASL
description:
- Wed Apr 27 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.1
  - apply patch to fix CVE-2005-0754, Kommander untrusted code execution, thanks to KDE security team
- Mon Oct 18 2004 Than Ngo <than at redhat.com> 6:3.3.1-2
  - rebuilt
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62257
published: 2012-09-24
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/62257
title: Fedora Core 3 : kdewebdev-3.3.1-2.1 (2005-345)