Executive Summary
| Summary | |
|---|---|
| Title | New kphone packages fix information disclosure |
| Informations | |||
|---|---|---|---|
| Name | DSA-1062 | First vendor Publication | 2006-05-19 |
| Vendor | Debian | Last vendor Modification | 2006-05-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords. The the old stable distribution (woody) doesn't contain kphone packages. For the stable distribution (sarge) this problem has been fixed in version 4.1.0-2sarge1. For the unstable distribution (sid) this problem has been fixed in version 4.2-6. We recommend that you upgrade your kphone package. If your current kphonerc has too lax permissions, you'll need to reset them manually. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1062 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1062-1 (kphone) File : nvt/deb_1062_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 30948 | kphone .qt/kphonerc User Credential Local Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-09-24 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_extras_kphone_2006-001.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1062.nasl - Type : ACT_GATHER_INFO |
| 2006-05-27 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-089.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:47 |
|
