Mandrake Linux Security Advisory : kdenetwork (MDKSA-2002:080)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The SuSE security team discovered two vulnerabilities in the KDE
lanbrowsing service during an audit. The LISa network daemon and
'reslisa', a restricted version of LISa are used to identify servers
on the local network by using the URL type 'lan://' and 'rlan://'
respectively. A buffer overflow was discovered in the lisa daemon that
can be exploited by an attacker on the local network to obtain root
privilege on a machine running the lisa daemon. Another buffer
overflow was found in the lan:// URL handler, which can be exploited
by a remote attacker to gain access to the victim user's account.

Only Mandrake Linux 9.0 comes with the LISa network daemon; all
previous versions do not contain the network daemon and are as such
not vulnerable.

See also :

http://www.kde.org/info/security/advisory-20021111-2.txt

Solution :

Update the affected kdenetwork, kdenetwork-devel and / or lisa
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13978 (mandrake_MDKSA-2002-080.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1247
CVE-2002-1306

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now