Vulnerabilities > CVE-2005-2101 - Unspecified vulnerability in KDE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-818.NASL description Javier Fernandez-Sanguino Pena discovered that langen2kvhtml from the kvoctrain package from the kdeedu suite creates temporary files in an insecure fashion. This leaves them open for symlink attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 19787 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19787 title Debian DSA-818-1 : kdeedu - insecure temporary files NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-159.NASL description Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user (manually) invoking the conversion script. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19914 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19914 title Mandrake Linux Security Advisory : kdeedu (MDKSA-2005:159)