PT-2005-1440 · Kde+1
Davide Madrisan
Published: 2005-02-11 · Updated: 2017-10-11
CVE-2005-0365
CVSS v2.0: 2.1 (Low)
| Vector | AV:L/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
KDE versions 3.2.x through 3.3.x
Description
The issue concerns the dcopidlng script, which creates temporary files with predictable filenames. This predictability allows local users to perform a symlink attack, enabling them to overwrite arbitrary files.
Recommendations
For KDE versions 3.2.x through 3.3.x, consider restricting access to the dcopidlng script until a patch is available to prevent local users from exploiting this issue. As a temporary workaround, avoid using the dcopidlng script for tasks that involve creating temporary files.
Affected products
Kde
Red Hat