PT-2005-1075 · Kde+1 · Kppp+4
Published: 2005-02-28 · Updated: 2017-10-11 · CVE-2005-0205
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
kdenetwork versions 2.2.2 through 3.1.3
kdenetwork-devel version 3.1.3
kdenetwork-ppp version 2.2.2
KPPP version 2.1.2 and earlier in KDE 3.1.5 and earlier
Description
The issue may lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited locally, potentially allowing attackers to gain control over DNS name resolution by manipulating file descriptors for domain sockets. This could enable local users to read and write to sensitive files such as /etc/hosts and /etc/resolv.conf.
Recommendations
For kdenetwork versions 2.2.2 through 3.1.3, consider restricting access to sensitive files until a patch is available.
For kdenetwork-devel version 3.1.3, restrict the use of the kdenetwork-devel package to minimize the risk of exploitation.
For kdenetwork-ppp version 2.2.2, avoid using the kdenetwork-ppp package until the issue is resolved.
For KPPP version 2.1.2 and earlier in KDE 3.1.5 and earlier, consider disabling the setuid root functionality for KPPP until a fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers
Affected products
Kppp
Red Hat
Kdenetwork
Kdenetwork-Devel
Kdenetwork-Ppp