Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0754

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0754
Last Modified 05 Sep 2008 04:47:13
Published 22 Apr 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0754

Summary

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Gentoo Linux

  • Kde 3.2

  • Kde 3.2.1

  • Kde 3.2.2

  • Kde 3.2.3

  • Kde 3.3

  • Kde 3.3.1

  • Kde 3.3.2

  • Kde 3.4

  • Redhat Fedora Core Core 3.0

  • Ubuntu Linux 4.1

  • Ubuntu Linux 5.04

Application

  • Kde Quanta 3.1


References

BID - 13313

CONFIRM - http://www.kde.org/info/security/advisory-20050420-1.txt

SECUNIA - 15060

BUGTRAQ - 20050422 [KDE Security Advisory]: Kommander untrusted code execution

CONFIRM - ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff


Last Updated: 27 May 2016 10:39:55