CVE-2004-0690
CVSS 4.6
Published: 2004-09-28 00:00:00
Last modified: 2016-10-17 22:47:56

[Original text]The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.


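[CNNVD]KDE DCOPServer insecure temporary file creation vulnerability (CNNVD-200409-069)

        
        KDE is a free, open-source X desktop manager.
        KDE DCOPServer creates temporary files insecurely; a local attacker can exploit this vulnerability to corrupt local system files, causing a denial of service.
        During authentication, KDE DCOPServer creates temporary files insecurely, which can allow a local attacker to use symbolic links to compromise the account information of users running KDE applications.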
        

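- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found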

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0690
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0690
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-069
(official data source) CNNVD

- Other links and resources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
(VENDOR_ADVISORY)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
(UNKNOWN)  CONECTIVA  CLA-2004:864
http://marc.info/?l=bugtraq&m=109225538901170&w=2
(UNKNOWN)  BUGTRAQ  20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities
http://security.gentoo.org/glsa/glsa-200408-13.xml
(UNKNOWN)  GENTOO  200408-13
http://www.kb.cert.org/vuls/id/330638
(UNKNOWN)  CERT-VN  VU#330638
http://www.kde.org/info/security/advisory-20040811-2.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20040811-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:086
(UNKNOWN)  MANDRAKE  MDKSA-2004:086
http://www.securityfocus.com/bid/10924
(UNKNOWN)  BID  10924
http://xforce.iss.net/xforce/xfdb/16962
(VENDOR_ADVISORY)  XF  kde-dcopserver-symlink(16962)

- Vulnerability information

KDE DCOPServer insecure temporary file creation vulnerability
Medium risk  Race condition
2004-09-28 00:00:00 2005-10-20 00:00:00
Local

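- Advisories and patches

        Vendor patch:
        KDE
        ---
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: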
        Patches for KDE 3.2.3
        ftp://ftp.kde.org/pub/kde/security_patches :
        0046c691fa833b2ff8d7eac15312a68b post-3.2.3-kdelibs-dcopserver.patch

- Vulnerability information (F34027)

KDE Security Advisory 2004-08-11.2 (PacketStormID:F34027)
2004-08-12 00:00:00
KDE Desktop  kde.org
advisory,local
linux,debian
CVE-2004-0690

KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication related purposes this can potentially allow a local attacker to compromise the account of any user which runs a KDE application. Affected are version KDE 3.2.x up to KDE 3.2.3 inclusive.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: DCOPServer Temporary Filename Vulnerability
Original Release Date: 2004-08-11
URL: http://www.kde.org/info/security/advisory-20040811-2.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386

1. Systems affected:

        KDE 3.2.x up to KDE 3.2.3 inclusive. 


2. Overview:

        The Debian project was alerted that KDE's DCOPServer creates
        temporary files in an insecure manner. Since the temporary
        files are used for authentication related purposes this can
        potentially allow a local attacker to compromise the account of
        any user which runs a KDE application.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0690 to this issue.


3. Impact:

        KDE's DCOPServer creates temporary files in an insecure manner.
        Since the temporary files are used for authentication related
        purposes this can potentially allow a local attacker to compromise
        the account of any user which runs a KDE application.
        

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patches for KDE 3.2.3 are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  0046c691fa833b2ff8d7eac15312a68b  post-3.2.3-kdelibs-dcopserver.patch


6. Time line and credits:


        25/07/2004 Debian Project alerted by Colin Phipps
	26/07/2004 KDE Security team informed by Chris Cheney
	26/07/2004 Patch created
	27/07/2004 Vendors notified
        11/08/2004 Public advisory

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBGiosN4pvrENfboIRApSoAJ0S7zbgId9etA3EDrOv5dnFpSUU4wCfd2JK
kHcL+tcXbrH971YcuoEleTQ=
=VHci
-----END PGP SIGNATURE-----
    

- Vulnerability information

8590
KDE DCOPServer Insecure Temporary File Privilege Escalation
Local Access Required Race Condition
Loss of Integrity
Exploit Public

- Vulnerability description

KDE DCOPServer contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the DCOPServer not creating temporary files in a secure manner. This may allow an attacker to use a symlink style of attack to gain access to user credentials causing a loss of integrity.

- Timeline

2004-08-11 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, KDE has released a patch to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

KDE DCOPServer Insecure Temporary File Creation Vulnerability
Race Condition Error 10924
No Yes
2004-08-11 12:00:00 2009-07-12 06:16:00
Colin Phipps <cph@cph.demon.co.uk> reported this vulnerability to Debian GNU/Linux.

- Affected program versions

Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
Gentoo Linux 1.4

- Vulnerability discussion

KDE's DCOPServer is reported to contain an insecure temporary file creation vulnerability. This is due to the use of the mktemp() function.

Since temporary files are used by the DCOP daemon for authentication purposes, a local attacker may possibly exploit this vulnerability to compromise the account of a targeted user running KDE.

A local attacker may also possibly exploit this vulnerability to execute symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack.

KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this vulnerability.
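The failure class named above, a temporary file name chosen first and opened later, shown next to the exclusive-create and mkstemp() alternatives. This is an added illustration, not KDE's code or the vendor patch; the function names, file names and scratch directory are hypothetical, and the scenario is constructed inside a private directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Legacy pattern: the name is picked first (as mktemp() does) and opened
 * later. O_CREAT without O_EXCL follows whatever already sits at that name. */
static int open_legacy(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: creation fails if the name exists at all, symlinks included. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Constructed scenario: "target" stands for a file the user cares about and
 * "predicted" is a guessable temp name where a symlink to it already exists.
 * Returns a bitmask: 1 = exclusive open refused and target intact,
 * 2 = legacy open truncated target, 4 = mkstemp() gave a fresh 0600 file. */
int run_demo(void) {
    char dir[] = "/tmp/dcopdemo-XXXXXX", target[64], predicted[64], tmpl[64];
    struct stat st; int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(predicted, sizeof predicted, "%s/predicted", dir);
    snprintf(tmpl, sizeof tmpl, "%s/auth-XXXXXX", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("important", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(target, predicted) != 0) return -1;
    fd = open_exclusive(predicted);            /* refused: name is taken */
    if (fd == -1 && size_of(target) == 9) result |= 1;
    if (fd >= 0) close(fd);
    fd = open_legacy(predicted);               /* follows link, truncates */
    if (fd >= 0 && size_of(target) == 0) result |= 2;
    if (fd >= 0) close(fd);
    fd = mkstemp(tmpl);                        /* picks and creates atomically */
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(predicted); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```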

- Exploit

An exploit is not required.

- Solution

Gentoo Linux has released advisory GLSA 200408-13 addressing this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge sync
emerge -pv ">=kde-base/kdebase-3.2.3-r1"
emerge ">=kde-base/kdebase-3.2.3-r1"
emerge -pv ">=kde-base/kdelibs-3.2.3-r1"
emerge ">=kde-base/kdelibs-3.2.3-r1"

OpenBSD has included patches to fix this issue in OpenBSD-current as of 14 Aug 2004. These patches have not been included in 3.4 or 3.5 at the time of this update.

Mandrake Linux has released an advisory (MDKSA-2004:086) along with fixes to address this, and other issues. Please see the referenced advisory for further information.

KDE has released patches resolving this issue:

Conectiva Linux has released advisory CLA-2004:864 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.


KDE KDE 3.2

KDE KDE 3.2.1

KDE KDE 3.2.2

KDE KDE 3.2.3

- Related references
