Mandrake Linux Security Advisory : kdeedu (MDKSA-2005:159)

Medium Nessus Plugin ID 19914


The remote Mandrake Linux host is missing one or more security updates.


Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña.

The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user (manually) invoking the conversion script.

The updated packages have been patched to correct this problem.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 19914

File Name: mandrake_MDKSA-2005-159.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/10/05

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kdeedu, p-cpe:/a:mandriva:linux:lib64kdeedu1, p-cpe:/a:mandriva:linux:lib64kdeedu1-devel, p-cpe:/a:mandriva:linux:libkdeedu1, p-cpe:/a:mandriva:linux:libkdeedu1-devel, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/09/06

Reference Information

CVE: CVE-2005-2101

MDKSA: 2005:159