CVE-2005-0396
CVSS 2.1
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:11:23

[Original] Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."


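[CNNVD] KDE DCOP Local Denial of Service Vulnerability (CNNVD-200505-082)

        KDE is a free, open-source X desktop manager for Linux and Unix workstations; DCOP is KDE's Desktop Communication Protocol.
        Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon (also known as dcopserver). A local user can stall the DCOP authentication process and thereby lock up the dcopserver of arbitrary other users on the same machine. Although this attack cannot bypass the authentication process, it can significantly reduce desktop functionality for the affected users, including but not limited to the inability to browse the Internet and the inability to start new applications.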
        

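- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]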

- CPE (Affected Platforms and Products)

cpe:/a:kde:dcopserver:3.3
cpe:/a:kde:desktop_communication_protocol_daemon:3.3

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10432: Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detection can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0396
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0396
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-082
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=111099766716483&w=2
(UNKNOWN)  BUGTRAQ  20050316 Multiple KDE Security Advisories (2005-03-16)
http://security.gentoo.org/glsa/glsa-200503-22.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-22
http://www.kde.org/info/security/advisory-20050316-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20050316-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
(UNKNOWN)  MANDRAKE  MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-307.html
(UNKNOWN)  REDHAT  RHSA-2005:307
http://www.redhat.com/support/errata/RHSA-2005-325.html
(UNKNOWN)  REDHAT  RHSA-2005:325
http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:178606
http://www.securityfocus.com/bid/12820
(UNKNOWN)  BID  12820

- Vulnerability Information

KDE DCOP Local Denial of Service Vulnerability
Low risk  Other
2005-05-02 00:00:00 2005-10-20 00:00:00
Local

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        ftp://ftp.kde.org/pub/kde/security_patches

- Vulnerability Information (F36714)

Gentoo Linux Security Advisory 200503-22 (PacketStormID:F36714)
2005-03-22 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-0396

Gentoo Linux Security Advisory GLSA 200503-22 - Sebastian Krahmer discovered that it is possible to stall the dcopserver of other users. Versions less than 3.3.2-r7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KDE: Local Denial of Service
      Date: March 19, 2005
      Bugs: #83814
        ID: 200503-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KDE is vulnerable to a local Denial of Service attack.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs     < 3.3.2-r7                       >= 3.3.2-r7
                                                          *>= 3.2.3-r8

Description
===========

Sebastian Krahmer discovered that it is possible to stall the
dcopserver of other users.

Impact
======

An attacker could exploit this to cause a local Denial of Service by
stalling the dcopserver in the authentication process. As a result all
desktop functionality relying on DCOP will cease to function.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

References
==========

  [ 1 ] CAN-2005-0396
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability Information (F36673)

KDE Security Advisory 2005-03-16.1 (PacketStormID:F36673)
2005-03-22 00:00:00
KDE Desktop  kde.org
advisory,denial of service,local,protocol
linux,suse
CVE-2005-0396

KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon, better known as dcopserver. Systems affected: All KDE versions prior to KDE 3.4 on systems where multiple users have access.

Three KDE security advisories have been issued today.

KDE Security Advisory: Local DCOP denial of service vulnerability
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-1.txt

0. References
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396


1. Systems affected:

        All KDE versions prior to KDE 3.4 on systems where multiple users
        have access.


2. Overview:

        Sebastian Krahmer of the SUSE LINUX Security Team reported a local
        denial of service vulnerability in KDE's Desktop Communication
        Protocol (DCOP) daemon better known as dcopserver.

        A local user can lock up the dcopserver of arbitrary other users
        on the same machine by stalling the DCOP authentication process.

        Although it is not possible to bypass the authentication process
        this way, it can cause a significant reduction in desktop
        functionality for the affected users.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0396 to this issue.

      
3. Impact:

        A local user can lock up the dcopserver of arbitrary other users
        on the same machine. This can cause a significant reduction in
        desktop functionality for the affected users including, but not
        limited to, the inability to browse the internet and the inability
        to start new applications.


4. Solution:

        Upgrade to KDE 3.4.

        For older versions of KDE Source code patches have been made
        available which fix these vulnerabilities. Contact your OS vendor /
        binary package provider for information about how to obtain updated
        binary packages.


5. Patch:

        A patch for KDE 3.1.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        377c49d8224612fbf09f70f3c09d52f5  post-3.1.5-kdelibs-dcop.patch

        A patch for KDE 3.2.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        0948701bffb082c65784dc8a2b648ef0  post-3.2.3-kdelibs-dcop.patch

        A patch for KDE 3.3.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        7309e259ae1f29be08bbb70e580da3fb  post-3.3.2-kdelibs-dcop.patch


6. Time line and credits:

        21/02/2005 KDE Security informed by SUSE LINUX.
        21/02/2005 Patches applied to KDE CVS.
        02/03/2005 Vendors notified
        16/03/2005 KDE Security Advisory released.


KDE Security Advisory: Konqueror International Domain Name Spoofing
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-2.txt

0. References
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0237
        http://bugs.kde.org/show_bug.cgi?id=98788
        http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html
        http://lists.netsys.com/pipermail/full-disclosure/2005-February/031460.html
        http://www.shmoo.com/idn 
        http://www.shmoo.com/idn/homograph.txt 
        http://xforce.iss.net/xforce/xfdb/19236
        http://secunia.com/advisories/14162/

1. Systems affected:

        All KDE versions in the KDE 3.2.x and KDE 3.3.x series.


2. Overview:

        Since version 3.2 KDE and its webbrowser Konqueror have support
        for International Domain Names (IDN). Unfortunately this has
        made KDE vulnerable to a phishing technique known as a 
        Homograph attack.

        IDN allows a website to use a wide range of international characters
        in its domain name. Unfortunately some of these characters have a
        strong resemblance to other characters, so called homographs. This
        makes it possible for a website to use a domain name that is
        technically different from another well known domain name, but has
        no or very little visual differences.

        This lack of visual difference can be abused by attackers to
        trick users into visiting malicious websites that resemble
        a well known and trusted website in order to obtain personal
        information such as credit card details.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0237 to this issue.

        For KDE 3.4 KDE and the Konqueror webbrowser have adopted a
        whitelist of domains for which IDN is safe to use because the
        registrar for these domains has implemented anti-homographic
        character policies or otherwise limited the available set of
        characters to prevent spoofing.

      
3. Impact:

        Users can be tricked into visiting a malicious website that
        resembles a well known and trusted website without getting any
        visual indication that this website differs from the one the
        user was expecting to visit.


4. Solution:

        Upgrade to KDE 3.4.

        For older versions of KDE Source code patches have been made
        available which fix these vulnerabilities. Contact your OS vendor /
        binary package provider for information about how to obtain updated
        binary packages.


5. Patch:

        A patch for KDE 3.2.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        611bad3cb9ae46ac35b907c7321da7aa  post-3.2.3-kdelibs-idn.patch

        A patch for KDE 3.3.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        c87754dbbaca4cdfeb26626a908fab5f  post-3.3.2-kdelibs-idn.patch

6. Time line and credits:

        07/02/2005 Issue raised by Eric Johanson on full-disclosure
        03/03/2005 Patches applied to KDE CVS.
        04/03/2005 Vendors notified
        16/03/2005 KDE Security Advisory released.


KDE Security Advisory: Insecure temporary file creation by dcopidlng
Original Release Date: 20050316
URL: http://www.kde.org/info/security/advisory-20050316-3.txt

0. References
        http://bugs.kde.org/show_bug.cgi?id=97608
        http://www.gentoo.org/security/en/glsa/glsa-200503-14.xml 
        http://bugs.gentoo.org/attachment.cgi?id=51120&action=view
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365

1. Systems affected:

        All KDE versions in the KDE 3.2.x and KDE 3.3.x series.
        This problem only affects users who compile KDE or KDE applications
        themselves.

2. Overview:

        The dcopidlng script is vulnerable to symlink attacks, potentially
        allowing a local user to overwrite arbitrary files of a user when
        the script is run on behalf of that user.

        The dcopidlng script is run as part of the build process of KDE
        itself and may be used by the build process of third party KDE
        applications.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0365 to this issue.

      
3. Impact:

        The dcopidlng script is vulnerable to symlink attacks, potentially
        allowing a local user to overwrite arbitrary files of a user when
        that user compiles KDE or third party KDE applications that use the
        dcopidlng script as part of their build process.


4. Solution:

        Upgrade to KDE 3.4.

        For older versions of KDE Source code patches have been made
        available which fix these vulnerabilities.

        Installed versions of dcopidlng can be patched manually as follows:

            cd $(kde-config --expandvars --install exe)
            patch < ~/post-3.2.3-kdelibs-dcopidlng.patch

5. Patch:

        A patch for KDE 3.2.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        43213bb9876704041af622ed2a6903ae  post-3.2.3-kdelibs-dcopidlng.patch

        A patch for KDE 3.3.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        43213bb9876704041af622ed2a6903ae  post-3.3.2-kdelibs-dcopidlng.patch


6. Time line and credits:

        21/01/2005 Problem reported to bugs.kde.org by Davide Madrisan
        21/01/2005 Patches applied to KDE CVS.
        16/03/2005 KDE Security Advisory released.
    

- Vulnerability Information

14813
KDE Desktop Communication Protocol dcopserver Local DoS
Local Access Required Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability Description

KDE contains a flaw that may allow a local denial of service. The issue is due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon (dcopserver), and will result in loss of availability for the service.

- Timeline

2005-03-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

KDE DCOPServer Local Denial of Service Vulnerability
Class: Failure to Handle Exceptional Conditions
Bugtraq ID: 12820
Remote: No
Local: Yes
Published: 2005-03-16 12:00:00
Updated: 2007-02-20 09:26:00
Discovery is credited to Sebastian Krahmer.

- Affected Program Versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
KDE kdelibs 3.3.2
+ Gentoo Linux
KDE kdelibs 3.3.1
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
KDE kdelibs 3.3
KDE kdelibs 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE kdelibs 3.2.1
KDE kdelibs 3.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
KDE KDE 3.1.5
KDE KDE 3.1.4
KDE KDE 3.1.3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 8.2
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
KDE KDE 2.2.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
KDE KDE 2.2
KDE KDE 2.1.2
+ Conectiva Linux 7.0
KDE KDE 2.1.1
KDE KDE 2.1
KDE KDE 2.0.1
+ Conectiva Linux 6.0
KDE KDE 2.0 BETA
KDE KDE 2.0
KDE KDE 1.2
- S.u.S.E. Linux 6.4
KDE KDE 1.1.2
+ Caldera OpenLinux 2.3
+ Mandriva Linux Mandrake 7.0
KDE KDE 1.1.1
KDE KDE 1.1
Gentoo Linux
Conectiva Linux 10.0
Conectiva Linux 9.0
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3

- Unaffected Program Versions

S.u.S.E. Linux Personal 9.3
KDE KDE 3.4

- Vulnerability Discussion

KDE's Desktop Communication Protocol (DCOP) daemon is affected by a local denial-of-service vulnerability.

Reportedly, a user's DCOPServer can be locked up by causing the authentication process to stall.

All versions of KDE prior to 3.4 are affected by this issue.

This BID will be updated when more information is available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for more information.



- Related References

 

 
