Info

Disclosure

Aug 11, 2004

Discovery

Unknown

Dates

Exploit

Aug 11, 2004

Solution

Unknown

Description

KDE DCOPServer contains a flaw that may allow a malicious user to compromise local user accounts. The issue is triggered when DCOPserver creates insecure temporary files which may be used for authentication purposes occurs. It is possible that the flaw may allow a local attacker to compromise local accounts that run applications within KDE resulting in a loss of confidentiality, and integrity.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, KDE has released a patch to address this vulnerability.

Products

KDE Project	KDE	3.2.3
		3.2.2
		3.2.1
		3.2.0
		3.1.x
		2.x
		1.x
		3.0.x

References

Secunia Advisory ID: 12276 12284 12311 12343 12465 12495 12521 12725
CVE ID: 2004-0689 (see also: NVD)
SCIP VulDB ID: 784
Related OSVDB ID: 8590
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000864
http://rhn.redhat.com/errata/RHSA-2004-412.html
http://security.gentoo.org/glsa/glsa-200408-13.xml
http://www.debian.org/security/2004/dsa-539
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:086
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.440345
Vendor Specific Advisory URL: http://www.kde.org/info/security/advisory-20040811-1.txt

Credit

Colin Phipps - cphcph.demon.co.uk -
Chris Cheney -

Direct URL: http://osvdb.org/8589

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

KDE Project

KDE

References

Credit