CVE-2005-2101
CVSS5.0
发布时间 :2005-08-17 00:00:00
修订时间 :2008-09-05 16:50:53
NMCOPS    

[原文]langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.


[CNNVD]KDE Langen2KVTML 不安全方式创建文件漏洞(CNNVD-200508-179)

        KDE是一个为UNIX工作站设计的强大的开源图形桌面环境。
        KDE langen2kvtml脚本中存在不安全临时文件创建漏洞。该脚本在/tmp中使用已知的文件名,允许本地攻击者覆盖任意文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:kde:kde:3.1_beta2
cpe:/o:kde:kde:3.2
cpe:/o:kde:kde:3.2.3
cpe:/o:kde:kde:3.1.4
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:3.4.1
cpe:/o:kde:kde:3.3.1
cpe:/o:kde:kde:3.2.1
cpe:/o:kde:kde:3.1.5
cpe:/o:kde:kde:3.3
cpe:/o:kde:kde:3.0.5
cpe:/o:kde:kde:3.1.1
cpe:/o:kde:kde:3.3.2
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.2.2
cpe:/o:kde:kde:3.0.5a
cpe:/o:kde:kde:3.1.3
cpe:/o:kde:kde:3.2.0_beta1
cpe:/o:kde:kde:3.4
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.1.2
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:3.1
cpe:/o:kde:kde:3.1_alpha1
cpe:/o:kde:kde:3.1_beta1
cpe:/o:kde:kde:3.4.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2101
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2101
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-179
(官方数据源) CNNVD

- 其它链接及资源

http://www.kde.org/info/security/advisory-20050815-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20050815-1.txt
http://www.securityfocus.com/bid/14561
(UNKNOWN)  BID  14561
http://www.mandriva.com/security/advisories?name=MDKSA-2005:159
(UNKNOWN)  MANDRAKE  MDKSA-2005:159
http://www.debian.org/security/2005/dsa-818
(UNKNOWN)  DEBIAN  DSA-818
http://securitytracker.com/id?1014675
(UNKNOWN)  SECTRACK  1014675
http://secunia.com/advisories/16428
(UNKNOWN)  SECUNIA  16428

- 漏洞信息

KDE Langen2KVTML 不安全方式创建文件漏洞
中危 设计错误
2005-08-17 00:00:00 2005-10-20 00:00:00
本地  
        KDE是一个为UNIX工作站设计的强大的开源图形桌面环境。
        KDE langen2kvtml脚本中存在不安全临时文件创建漏洞。该脚本在/tmp中使用已知的文件名,允许本地攻击者覆盖任意文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        ftp://ftp.kde.org/pub/kde/security_patches

- 漏洞信息 (F40217)

Debian Linux Security Advisory 818-1 (PacketStormID:F40217)
2005-09-23 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2005-2101
[点击下载]

Debian Security Advisory DSA 818-1 - It was discovered that langen2kvhtml from the kvoctrain package from the kdeedu suite creates temporary files in an insecure fashion. This leaves them open for symlink attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 818-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 22nd, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdeedu
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2101

Javier Fern    

- 漏洞信息

18758
KDE langen2kvtml Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-08-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

KDE Langen2KVTML Insecure Temporary File Creation Vulnerability
Design Error 14561
No Yes
2005-08-15 12:00:00 2009-07-12 05:06:00
Javier Fernández-Sanguino Peña is credited with the discovery of this vulnerability.

- 受影响的程序版本

Slackware Linux -current
Red Hat Fedora Core4
Red Hat Fedora Core3
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
KDE KDE 3.4.2
KDE KDE 3.4.1
+ Red Hat Fedora Core4
KDE KDE 3.4
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.1
+ Debian Linux 3.1
KDE KDE 3.3.2
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
KDE KDE 3.1.5
KDE KDE 3.1.4
KDE KDE 3.1.3
+ Red Hat Enterprise Linux AS 3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0

- 漏洞讨论

KDE langen2kvtml is prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.

- 漏洞利用

No exploit is required.

- 解决方案

RedHat Fedora has released security advisory FEDORA-2005-745 addressing this issue for Fedora Core 3. Please see the referenced advisory for further information.

RedHat Fedora has released security advisory FEDORA-2005-744 addressing this issue for Fedora Core 4. Please see the referenced advisory for further information.

Mandriva has released advisory MDKSA-2005:159 and fixes to address this issue. Please see the referenced advisory for links to fixes.

Slackware has released security advisory SSA:2005-251-03 addressing this issue for their -current version. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released advisory DSA 818-1 and fixes to address this issue. Please see the referenced advisory for links to fixes.

The vendor has released patches addressing this issue:


Slackware Linux -current

KDE KDE 3.2.3

KDE KDE 3.3

KDE KDE 3.3.2

KDE KDE 3.3.2

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站