Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

A number of vulnerabilities were discovered in KDE that are corrected
with these update packages.

The integrity of symlinks used by KDE is not ensured and as a result
can be abused by local attackers to create or truncate arbitrary files
or to prevent KDE applications from functioning correctly.

The DCOPServer creates temporary files in an insecure manner. These
temporary files are used for authentication-related purposes, so this
could potentially allow a local attacker to compromise the account of
any user running a KDE application (CVE-2004-0690). Note that only KDE
3.2.x is affected by this vulnerability.

The Konqueror web browser allows websites to load web pages into a
frame of any other frame-based web page that the user may have open.
This could potentially allow a malicious website to make Konqueror
insert its own frames into the page of an otherwise trusted website.

The Konqueror web browser also allows websites to set cookies for
certain country-specific top-level domains. This can be done to make
Konqueror send the cookies to all other web sites operating under the
same domain, which can be abused to become part of a session fixation
attack. All country-specific secondary top-level domains that use more
than 2 characters in the secondary part of the domain name, and that
use a secondary part other than com, net, mil, org, gov, edu, or int
are affected (CVE-2004-0746).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14335 (mandrake_MDKSA-2004-086.nasl)

CVE ID: CVE-2004-0689