exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

KDE Security Advisory 2005-03-16.1

KDE Security Advisory 2005-03-16.1
Posted Mar 22, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon better known as dcopserver. Systems affected: All KDE version prior to KDE 3.4 on systems where multiple users have access.

tags | advisory, denial of service, local, protocol
systems | linux, suse
advisories | CVE-2005-0396
SHA-256 | 4f12cb84df4ea525e8d75fed62c1760952046451f23e18cde30ede4ba590c810

KDE Security Advisory 2005-03-16.1

Change Mirror Download
Three KDE security advisories have been issued today.

KDE Security Advisory: Local DCOP denial of service vulnerability
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-1.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396


1. Systems affected:

All KDE version prior to KDE 3.4 on systems where multiple users
have access.


2. Overview:

Sebastian Krahmer of the SUSE LINUX Security Team reported a local
denial of service vulnerability in KDE's Desktop Communication
Protocol (DCOP) daemon better known as dcopserver.

A local user can lock up the dcopserver of arbitrary other users
on the same machine by stalling the DCOP authentication process.

Although it is not possible to by pass the authentication process
this way, it can cause a significant reduction in desktop
functionality for the affected users.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0396 to this issue.


3. Impact:

A local user can lock up the dcopserver of arbitrary other users
on the same machine. This can cause a significant reduction in
desktop functionality for the affected users including, but not
limited to, the inability to browse the internet and the inability
to start new applications.


4. Solution:

Upgrade to KDE 3.4.

For older versions of KDE Source code patches have been made
available which fix these vulnerabilities. Contact your OS vendor /
binary package provider for information about how to obtain updated
binary packages.


5. Patch:

A patch for KDE 3.1.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

377c49d8224612fbf09f70f3c09d52f5 post-3.1.5-kdelibs-dcop.patch

A patch for KDE 3.2.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

0948701bffb082c65784dc8a2b648ef0 post-3.2.3-kdelibs-dcop.patch

A patch for KDE 3.3.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

7309e259ae1f29be08bbb70e580da3fb post-3.3.2-kdelibs-dcop.patch


6. Time line and credits:

21/02/2005 KDE Security informed by SUSE LINUX.
21/02/2005 Patches applied to KDE CVS.
02/03/2005 Vendors notified
16/03/2005 KDE Security Advisory released.


KDE Security Advisory: Konqueror International Domain Name Spoofing
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-2.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0237
http://bugs.kde.org/show_bug.cgi?id=98788
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031460.html
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
http://xforce.iss.net/xforce/xfdb/19236
http://secunia.com/advisories/14162/

1. Systems affected:

All KDE versions in the KDE 3.2.x and KDE 3.3.x series.


2. Overview:

Since version 3.2 KDE and it's webbrowser Konqueror have support
for International Domain Names (IDN). Unfortunately this has
made KDE vulnerable to a phishing technique known as a
Homograph attack.

IDN allows a website to use a wide range of international characters
in its domain name. Unfortunately some of these characters have a
strong resemblance to other characters, so called homographs. This
makes it possible for a website to use a domain name that is
technically different from another well known domain name, but has
no or very little visual differences.

This lack of visual difference can be abused by attackers to
trick users into visiting malicious websites that resemble
a well known and trusted website in order to obtain personal
information such as credit card details.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0237 to this issue.

For KDE 3.4 KDE and the Konqueror webbrowser have adopted a
whitelist of domains for which IDN is safe to use because the
registrar for these domains has implemented anti-homographic
character policies or otherwise limited the available set of
characters to prevent spoofing.


3. Impact:

Users can be tricked into visiting a malicious website that
resembles a well known and trusted website without getting any
visual indication that this website differs from the one the
user was expecting to visit.


4. Solution:

Upgrade to KDE 3.4.

For older versions of KDE Source code patches have been made
available which fix these vulnerabilities. Contact your OS vendor /
binary package provider for information about how to obtain updated
binary packages.


5. Patch:

A patch for KDE 3.2.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

611bad3cb9ae46ac35b907c7321da7aa post-3.2.3-kdelibs-idn.patch

A patch for KDE 3.3.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

c87754dbbaca4cdfeb26626a908fab5f post-3.3.2-kdelibs-idn.patch

6. Time line and credits:

07/02/2005 Issue raised by Eric Johanson on full-disclosure
03/03/2005 Patches applied to KDE CVS.
04/03/2005 Vendors notified
16/03/2005 KDE Security Advisory released.


KDE Security Advisory: Insecure temporary file creation by dcopidlng
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-3.txt

0. References
http://bugs.kde.org/show_bug.cgi?id=97608
http://www.gentoo.org/security/en/glsa/glsa-200503-14.xml
http://bugs.gentoo.org/attachment.cgi?id=51120&action=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365

1. Systems affected:

All KDE versions in the KDE 3.2.x and KDE 3.3.x series.
This problem only affects users who compile KDE or KDE applications
themselves.

2. Overview:

The dcopidlng script is vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files of a user when
the script is run on behalf of that user.

The dcopidlng script is run as part of the build process of KDE
itself and may be used by the build process of third party KDE
applications.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0365 to this issue.


3. Impact:

The dcopidlng script is vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files of a user when
that user compiles KDE or third party KDE applications that use the
dcopidlng script as part of their build process.


4. Solution:

Upgrade to KDE 3.4.

For older versions of KDE Source code patches have been made
available which fix these vulnerabilities.

Installed versions of dcopidlng can be patched manually as follows:

cd $(kde-config --expandvars --install exe)
patch < ~/post-3.2.3-kdelibs-dcopidlng.patch

5. Patch:

A patch for KDE 3.2.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

43213bb9876704041af622ed2a6903ae post-3.2.3-kdelibs-dcopidlng.patch

A patch for KDE 3.3.x is available from
ftp://ftp.kde.org/pub/kde/security_patches

43213bb9876704041af622ed2a6903ae post-3.3.2-kdelibs-dcopidlng.patch


6. Time line and credits:

21/01/2005 Problem reported to bugs.kde.org by Davide Madrisan
21/01/2005 Patches applied to KDE CVS.
16/03/2005 KDE Security Advisory released.
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close