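Vulnerability Details
dcopidlng script insecure temporary file creation vulnerability
- CNNVD ID: CNNVD-200505-667
- Severity: Low
- CVE ID: CVE-2005-0365
- Vulnerability type: Design error
- Published: 2005-03-17
- Threat type: Local
- Updated: 2005-10-20
- Vendor: kde
- Vulnerability source: Waldo Bastian※ bas...
Vulnerability Summary
KDE is a free, open-source X desktop manager for Linux and Unix workstations, and DCOP is the protocol used for KDE communication. The dcopidlng script is affected by a symlink attack, which may allow a local user to overwrite arbitrary files of a user when KDE or a third-party KDE application that uses the dcopidlng script is compiled.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: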
KDE KDE 3.2
KDE post-3.2.3-kdelibs-dcop.patch
ftp://ftp.kde.org/pub/kde/security_patches
KDE KDE 3.4
http://www.kde.org/download/
Mandrake kdelibs-common-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.12.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.12.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.12.C30mdk.i586.rpm
Mandrake Corporate 3.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake kdelibs-common-3.2-36.12.C30mdk.x86_64.rpm
Mandrake Corporate 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-3.2-36.12.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-3.2-36.12.C30mdk.x86_64.rpm
Mandrake Corporate 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-devel-3.2-36.10.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-devel-3.2-36.10.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-devel-3.2-36.12.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lib64kdecore4-devel-3.2-36.12.C30mdk.x86_64.rpm
Mandrake Corporate 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-3.2-36.12.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-3.2-36.12.C30mdk.i586.rpm
Mandrake Corporate 3.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-devel-3.2-36.10.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-devel-3.2-36.10.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-devel-3.2-36.12.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake libkdecore4-devel-3.2-36.12.C30mdk.i586.rpm
Mandrake Corporate 3.0
http://www.mandrakesecure.net/en/ftp.php
KDE KDE 3.2.1
KDE post-3.2.3-kdelibs-dcop.patch
ftp://ftp.kde.org/pub/kde/security_patches
KDE KDE 3.4
http://www.kde.org/download/
KDE KDE 3.2.2
Fedora kdelibs-3.2.2-14.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora kdelibs-3.2.2-14.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora kdelibs-debuginfo-3.2.2-14.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora kdelibs-debuginfo-3.2.2-14.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora kdelibs-devel-3.2.2-14.FC2.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora kdelibs-devel-3.2.2-14.FC2.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
KDE post-3.2.3-kdelibs-dcop.patch
ftp://ftp.
References
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20050316-2.txt
Source: GENTOO
Name: GLSA-200503-14
Link: http://security.gentoo.org/glsa/glsa-200503-14.xml
Source: BUGTRAQ
Name: 20050211 insecure temporary file creation in kdelibs 3.3.2
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2
Source: bugs.kde.org
Link: http://bugs.kde.org/show_bug.cgi?id=97608
Source: REDHAT
Name: RHSA-2005:325
Link: http://www.redhat.com/support/errata/RHSA-2005-325.HTML
Source: MANDRAKE
Name: MDKSA-2005:058
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
Source: MANDRAKE
Name: MDKSA-2005:045
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
Source: SECTRACK
Name: 1013525
Link: http://securitytracker.com/id?1013525
Source: SECUNIA
Name: 14254
Link: http://secunia.com/advisories/14254
Source: FEDORA
Name: FEDORA-2005-245
Link: http://fedoranews.org/updates/FEDORA-2005-245.sHTML
Affected Entities
- Kde Kde:3.2.X
- Kde Kde:3.3.X
Patches
None available