漏洞信息详情

dcopidlng脚本不安全方式创建临时文件漏洞

• CNNVD编号：CNNVD-200505-667
• 危害等级： 低危
  
• CVE编号： CVE-2005-0365
• 漏洞类型： 设计错误
• 发布时间： 2005-03-17
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： kde
• 漏洞来源： Waldo Bastian※ bas...

漏洞简介

KDE是Linux和Unix工作站的一款免费开放源代码X桌面管理程序，DCOP协议是用于KDE通信的协议。dcopidlng脚本受符号链接攻击的影响，可能允许本地用户在编译使用dcopidlng脚本的KDE或第三方KDE应用程序时覆盖用户的任意文件。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

KDE KDE 3.2

KDE post-3.2.3-kdelibs-dcop.patch

ftp://ftp.kde.org/pub/kde/security_patches

KDE KDE 3.4

http://www.kde.org/download/

Mandrake kdelibs-common-3.2-36.10.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.C30mdk.i586.rpm

Mandrake Corporate Server 3.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.10.C30mdk.x86_64.rpm

Mandrake Corporate Server 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.12.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.12.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.12.C30mdk.i586.rpm

Mandrake Corporate 3.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake kdelibs-common-3.2-36.12.C30mdk.x86_64.rpm

Mandrake Corporate 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.10.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.10.C30mdk.x86_64.rpm

Mandrake Corporate Server 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.12.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-3.2-36.12.C30mdk.x86_64.rpm

Mandrake Corporate 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.10.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.10.C30mdk.x86_64.rpm

Mandrake Corporate Server 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.12.100mdk.amd64.rpm

Mandrake Linux 10.0/AMD64

http://www.mandrakesecure.net/en/ftp.php

Mandrake lib64kdecore4-devel-3.2-36.12.C30mdk.x86_64.rpm

Mandrake Corporate 3.0/x86_64

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.10.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.10.C30mdk.i586.rpm

Mandrake Corporate Server 3.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.12.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-3.2-36.12.C30mdk.i586.rpm

Mandrake Corporate 3.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.10.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.10.C30mdk.i586.rpm

Mandrake Corporate Server 3.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.12.100mdk.i586.rpm

Mandrake Linux 10.0

http://www.mandrakesecure.net/en/ftp.php

Mandrake libkdecore4-devel-3.2-36.12.C30mdk.i586.rpm

Mandrake Corporate 3.0

http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.2.1

KDE post-3.2.3-kdelibs-dcop.patch

ftp://ftp.kde.org/pub/kde/security_patches

KDE KDE 3.4

http://www.kde.org/download/

KDE KDE 3.2.2

Fedora kdelibs-3.2.2-14.FC2.i386.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-3.2.2-14.FC2.x86_64.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-debuginfo-3.2.2-14.FC2.i386.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-debuginfo-3.2.2-14.FC2.x86_64.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-devel-3.2.2-14.FC2.i386.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Fedora kdelibs-devel-3.2.2-14.FC2.x86_64.rpm

RedHat Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

KDE post-3.2.3-kdelibs-dcop.patch

ftp://ftp.

参考网址

来源: www.kde.org

链接:http://www.kde.org/info/security/advisory-20050316-2.txt

来源: GENTOO

名称: GLSA-200503-14

链接:http://security.gentoo.org/glsa/glsa-200503-14.xml

来源: BUGTRAQ

名称: 20050211 insecure temporary file creation in kdelibs 3.3.2

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2

来源: bugs.kde.org

链接:http://bugs.kde.org/show_bug.cgi?id=97608

来源: REDHAT

名称: RHSA-2005:325

链接:http://www.redhat.com/support/errata/RHSA-2005-325.HTML

来源: MANDRAKE

名称: MDKSA-2005:058

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:058

来源: MANDRAKE

名称: MDKSA-2005:045

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:045

来源: SECTRACK

名称: 1013525

链接:http://securitytracker.com/id?1013525

来源: SECUNIA

名称: 14254

链接:http://secunia.com/advisories/14254

来源: FEDORA

名称: FEDORA-2005-245

链接:http://fedoranews.org/updates/FEDORA-2005-245.sHTML

受影响实体

• Kde Kde:3.2.X  
• Kde Kde:3.3.X  

补丁

暂无