Mandrake Linux Security Advisory : kdenetwork (MDKSA-2002:080)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

The SuSE security team discovered two vulnerabilities in the KDE
lanbrowsing service during an audit. The LISa network daemon and
'reslisa', a restricted version of LISa, are used to identify servers
on the local network by using the URL types 'lan://' and 'rlan://'
respectively. A buffer overflow was discovered in the lisa daemon that
can be exploited by an attacker on the local network to obtain root
privilege on a machine running the lisa daemon. Another buffer
overflow was found in the lan:// URL handler, which can be exploited
by a remote attacker to gain access to the victim user's account.

Only Mandrake Linux 9.0 comes with the LISa network daemon; previous
versions do not contain the network daemon and are therefore not
vulnerable.

See also :

Solution :

Update the affected kdenetwork, kdenetwork-devel and / or lisa

Risk factor :

High / CVSS Base Score : 7.5

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13978 (mandrake_MDKSA-2002-080.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1247
