RHEL 4 : kdelibs (RHSA-2005:325)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kdelibs packages that fix several security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment.

The International Domain Name (IDN) support in the Konqueror browser
allowed remote attackers to spoof domain names using punycode encoded
domain names. Such domain names are decoded in URLs and SSL
certificates in a way that uses homograph characters from other
character sets, which facilitates phishing attacks. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0237 to this issue.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon. A local user could use this flaw
to stall the DCOP authentication process, affecting any local desktop
users and causing a reduction in their desktop functionality. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0396 to this issue.

A flaw in the dcopidlng script was discovered. The dcopidlng script
would create temporary files with predictable filenames which could
allow local users to overwrite arbitrary files via a symlink attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0365 to this issue.

Users of KDE should upgrade to these erratum packages which contain
backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0237.html
https://www.redhat.com/security/data/cve/CVE-2005-0365.html
https://www.redhat.com/security/data/cve/CVE-2005-0396.html
http://www.kde.org/info/security/advisory-20050316-3.txt
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.kde.org/info/security/advisory-20050316-1.txt
http://rhn.redhat.com/errata/RHSA-2005-325.html

Solution :

Update the affected kdelibs and / or kdelibs-devel packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17625 ()

Bugtraq ID:

CVE ID: CVE-2005-0237
CVE-2005-0365
CVE-2005-0396