This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated kdelibs packages that fix several security issues are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
The kdelibs package provides libraries for the K Desktop Environment.
The International Domain Name (IDN) support in the Konqueror browser
allowed remote attackers to spoof domain names using punycode encoded
domain names. Such domain names are decoded in URLs and SSL
certificates in a way that uses homograph characters from other
character sets, which facilitates phishing attacks. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0237 to this issue.
Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon. A local user could use this flaw
to stall the DCOP authentication process, affecting any local desktop
users and causing a reduction in their desktop functionality. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0396 to this issue.
A flaw in the dcopidlng script was discovered. The dcopidlng script
would create temporary files with predictable filenames which could
allow local users to overwrite arbitrary files via a symlink attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0365 to this issue.
Users of KDE should upgrade to these erratum packages which contain
backported patches to correct these issues.
See also :
Update the affected kdelibs and / or kdelibs-devel packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 17625 ()
CVE ID: CVE-2005-0237CVE-2005-0365CVE-2005-0396
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.