PT-2005-1440 · Kde+1 · Kde+1
Davide Madrisan · Published 2005-02-11 · Updated 2017-10-11 · CVE-2005-0365
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
KDE versions 3.2.x through 3.3.x
Description
The issue concerns the dcopidlng script, which creates temporary files with predictable filenames. This predictability allows local users to perform a symlink attack, enabling them to overwrite arbitrary files.
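The bug class described above, shown next to its hardened form. This is an added example, not code from dcopidlng or KDE; the file name `demo.<id>`, the fixed id 1234 and the function names are assumptions, and everything runs inside a private scratch directory created for the demonstration.

```shell
#!/bin/sh
# Constructed demo of predictable vs. unpredictable temporary file creation.

# Unsafe pattern: the temp file name is built from a guessable value
# (a fixed id stands in for a PID). The redirection follows any symlink
# that already exists at that path.
unsafe_write() {  # $1 = temp dir, $2 = guessable id, $3 = data
    tmp="$1/demo.$2"
    printf '%s\n' "$3" > "$tmp"
}

# Hardened pattern: mktemp chooses a random suffix and creates the file
# exclusively (it fails instead of reusing an existing path), mode 0600.
safe_write() {  # $1 = temp dir, $2 = data; prints the created path
    tmp=$(mktemp "$1/demo.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

run_demo() {
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/symdemo.XXXXXX") || return 1
    mkdir "$sandbox/tmp"
    printf 'original\n' > "$sandbox/victim"
    # A link planted in advance at the name the unsafe code will use.
    ln -s "$sandbox/victim" "$sandbox/tmp/demo.1234"

    unsafe_write "$sandbox/tmp" 1234 "scratch data"
    after_unsafe=$(cat "$sandbox/victim")   # victim content was replaced

    printf 'original\n' > "$sandbox/victim"
    created=$(safe_write "$sandbox/tmp" "scratch data")
    after_safe=$(cat "$sandbox/victim")     # victim content is untouched

    kind=symlink
    [ -f "$created" ] && [ ! -L "$created" ] && kind=regular

    rm -rf "$sandbox"
    printf '%s|%s|%s\n' "$after_unsafe" "$after_safe" "$kind"
}

run_demo
```

When auditing scripts for this pattern, look for redirections into `/tmp` paths built from `$$`, the script name, or a timestamp.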
Recommendations
For KDE versions 3.2.x through 3.3.x, consider restricting access to the dcopidlng script until a patch is available to prevent local users from exploiting this issue. As a temporary workaround, avoid using the dcopidlng script for tasks that involve creating temporary files.
Fix
Related Identifiers
Affected Products
Kde
Red Hat