CVE-2005-0365
CVSS 2.1
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:11:03

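[Original] The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.


[CNNVD] Insecure temporary file creation vulnerability in the dcopidlng script (CNNVD-200505-667)

        KDE is a free, open-source X desktop environment for Linux and Unix workstations, and DCOP is the protocol KDE uses for communication. The dcopidlng script is affected by a symlink attack, which may allow a local user to overwrite arbitrary files belonging to the user when KDE, or a third-party KDE application that uses the dcopidlng script, is being compiled.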

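- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [there are no access restrictions on exploiting the vulnerability]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]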

- CPE (affected platforms and products)

cpe:/o:kde:kde:3.2.x
cpe:/o:kde:kde:3.3.x

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10676 The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allow...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0365
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0365
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-667
(official data source) CNNVD

- Other links and resources

http://bugs.kde.org/show_bug.cgi?id=97608
(VENDOR_ADVISORY)  CONFIRM  http://bugs.kde.org/show_bug.cgi?id=97608
http://fedoranews.org/updates/FEDORA-2005-245.shtml
(UNKNOWN)  FEDORA  FEDORA-2005-245
http://marc.info/?l=bugtraq&m=110814653804757&w=2
(UNKNOWN)  BUGTRAQ  20050211 insecure temporary file creation in kdelibs 3.3.2
http://security.gentoo.org/glsa/glsa-200503-14.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-14
http://securitytracker.com/id?1013525
(UNKNOWN)  SECTRACK  1013525
http://www.kde.org/info/security/advisory-20050316-2.txt
(PATCH)  CONFIRM  http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
(UNKNOWN)  MANDRAKE  MDKSA-2005:045
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
(UNKNOWN)  MANDRAKE  MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-325.html
(UNKNOWN)  REDHAT  RHSA-2005:325

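- Vulnerability information

Insecure temporary file creation vulnerability in the dcopidlng script
Low severity  Design error
2005-05-02 00:00:00 2005-10-20 00:00:00
Local
        KDE is a free, open-source X desktop environment for Linux and Unix workstations, and DCOP is the protocol KDE uses for communication. The dcopidlng script is affected by a symlink attack, which may allow a local user to overwrite arbitrary files belonging to the user when KDE, or a third-party KDE application that uses the dcopidlng script, is being compiled.

- Advisories and patches

        The vendor has released upgrade patches that fix this security issue. Patch download links: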
        KDE KDE 3.2
        KDE post-3.2.3-kdelibs-dcop.patch
        ftp://ftp.kde.org/pub/kde/security_patches
        KDE KDE 3.4
        http://www.kde.org/download/
        Mandrake kdelibs-common-3.2-36.10.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.10.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.10.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.10.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.12.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.12.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.12.C30mdk.i586.rpm
        Mandrake Corporate 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake kdelibs-common-3.2-36.12.C30mdk.x86_64.rpm
        Mandrake Corporate 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-3.2-36.10.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-3.2-36.10.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-3.2-36.12.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-3.2-36.12.C30mdk.x86_64.rpm
        Mandrake Corporate 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-devel-3.2-36.10.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-devel-3.2-36.10.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-devel-3.2-36.12.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake lib64kdecore4-devel-3.2-36.12.C30mdk.x86_64.rpm
        Mandrake Corporate 3.0/x86_64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-3.2-36.10.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-3.2-36.10.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-3.2-36.12.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-3.2-36.12.C30mdk.i586.rpm
        Mandrake Corporate 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-devel-3.2-36.10.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-devel-3.2-36.10.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-devel-3.2-36.12.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake libkdecore4-devel-3.2-36.12.C30mdk.i586.rpm
        Mandrake Corporate 3.0
        http://www.mandrakesecure.net/en/ftp.php
        KDE KDE 3.2.1
        KDE post-3.2.3-kdelibs-dcop.patch
        ftp://ftp.kde.org/pub/kde/security_patches
        KDE KDE 3.4
        http://www.kde.org/download/
        KDE KDE 3.2.2
        Fedora kdelibs-3.2.2-14.FC2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kdelibs-3.2.2-14.FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kdelibs-debuginfo-3.2.2-14.FC2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kdelibs-debuginfo-3.2.2-14.FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kdelibs-devel-3.2.2-14.FC2.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora kdelibs-devel-3.2.2-14.FC2.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        KDE post-3.2.3-kdelibs-dcop.patch
        ftp://ftp.

- Vulnerability information (F36517)

Gentoo Linux Security Advisory 200503-14 (PacketStormID:F36517)
2005-03-15 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-0365

Gentoo Linux Security Advisory GLSA 200503-14 - Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names. Versions less than 3.3.2-r5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KDE dcopidlng: Insecure temporary file creation
      Date: March 07, 2005
      Bugs: #81652
        ID: 200503-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The dcopidlng script is vulnerable to symlink attacks, potentially
allowing a local user to overwrite arbitrary files.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.
dcopidlng is a DCOP helper script.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs     < 3.3.2-r5                       >= 3.3.2-r5
                                                          *>= 3.2.3-r7

Description
===========

Davide Madrisan has discovered that the dcopidlng script creates
temporary files in a world-writable directory with predictable names.

Impact
======

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
dcopidlng is executed, this would result in the file being overwritten
with the rights of the user running the utility, which could be the
root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

References
==========

  [ 1 ] CAN-2005-0365
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

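- Vulnerability information

13773
KDE kdelibs dcopidlng Script Arbitrary File Manipulation

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-01-21 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information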

KDE Library DCOPIDLING Insecure Temporary File Creation Vulnerability
Design Error 12525
No Yes
2005-02-11 12:00:00 2009-07-12 10:06:00
The QiLinux 'autospec' tool was used to discover this issue.

- Affected software versions

Red Hat Fedora Core3
Red Hat Fedora Core2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
KDE kdelibs 3.3.2
+ Gentoo Linux
KDE kdelibs 3.3.1
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
Conectiva Linux 10.0
Conectiva Linux 9.0
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
KDE KDE 3.4

- Unaffected software versions

KDE KDE 3.4

- Vulnerability discussion

A local insecure file creation vulnerability affects KDE Library 'dcopidling'. This issue is due to a failure of the application to validate the existence of a file prior to writing to it.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of a user that activates an application that implements the affected script.
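
Added example, not taken from KDE's code or from the advisories on this page: the fixed-name temporary file pattern in a shared directory next to the `mktemp` form, both run inside a private sandbox directory. The file name `gen.tmp`, the function names and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; gen.tmp and all function names are hypothetical.

# Insecure pattern: a fixed, guessable name in a shared directory.
# '>' opens with O_CREAT|O_TRUNC and follows a symlink already at that path.
write_predictable() {
    printf '%s\n' "$2" > "$1/gen.tmp"
}

# Hardened pattern: mktemp chooses a random suffix and creates the file
# exclusively (O_EXCL), so an existing file or symlink is never reused.
write_with_mktemp() {
    tmp=$(mktemp "$1/gen.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both patterns in a throwaway sandbox and reports what happened to a
# file that a pre-planted link (constructed here) points at.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/shared/gen.tmp"

    write_predictable "$sandbox/shared" "generated output"
    after_insecure=$(cat "$sandbox/victim")

    printf 'original\n' > "$sandbox/victim"
    write_with_mktemp "$sandbox/shared" "generated output" > /dev/null
    after_hardened=$(cat "$sandbox/victim")

    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_insecure" "$after_hardened"
}

demo
```

The first field of the output shows the linked file's content replaced by the fixed-name write; the second shows it untouched when `mktemp` is used.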

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Mandrake has released advisory MDKSA-2005:045 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

The vendor has released a patch dealing with this issue.

Gentoo Linux has released an advisory dealing with this issue. Gentoo advises that all kdelibs users should upgrade to the latest version by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose kde-base/kdelibs

For more information, please see the referenced Gentoo advisory.

KDE has released an advisory (20050316-3) to address this issue. Please see the advisory in Web references for more information.

Mandrake Linux has released a second advisory MDKSA-2005:058 with updates addressing this issue. Please see the referenced advisory for information on obtaining and applying fixes.

Red Hat has released advisory RHSA-2005:325-07 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Fedora advisories FEDORA-2005-244 and FEDORA-2005-245 are available to address various issues in Fedora Core 2 and Fedora Core 3 affecting kdelibs. Please see the referenced advisories for more information.

ALT Linux has released updates dealing with this and other issues. Please see the reference section for more information.

Conectiva Linux has released advisory CLA-2005:953 to address this, and other issues. Please see the referenced advisory for further information.


KDE KDE 3.2

KDE KDE 3.2.1

KDE KDE 3.2.2

KDE KDE 3.2.3

KDE KDE 3.3

KDE KDE 3.3.1

KDE kdelibs 3.3.2

KDE KDE 3.3.2

- Related references

 

 
