Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2494

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2494
Last Modified 21 Aug 2010 12:31:33
Published 06 Sep 2005 07:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2494

Summary

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.

Vulnerable Systems

Operating System

  • Kde 3.2.0

  • Kde 3.2.1

  • Kde 3.2.2

  • Kde 3.2.3

  • Kde 3.3.0

  • Kde 3.3.1

  • Kde 3.3.2

  • Kde 3.4.0

  • Kde 3.4.1

  • Kde 3.4.2


References

CONFIRM - http://www.kde.org/info/security/advisory-20050905-1.txt

MISC - ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff

UBUNTU - USN-176-1

MISC - http://www.suresec.org/advisories/adv6.pdf

BID - 14736

REDHAT - RHSA-2006:0582

MANDRAKE - MDKSA-2005:160

DEBIAN - DSA-815

SECUNIA - 21481

SECUNIA - 18139

SECUNIA - 16692

BUGTRAQ - 20050907 [ Suresec Advisories ] - Kcheckpass file creation vulnerability

BUGTRAQ - 20050905 [KDE Security Advisory] kcheckpass local root vulnerability


Last Updated: 27 May 2016 10:40:32