Executive Summary
| Summary | |
|---|---|
| Title | New kdebase packages fix local root vulnerability |
| Informations | |||
|---|---|---|---|
| Name | DSA-815 | First vendor Publication | 2005-09-16 |
| Vendor | Debian | Last vendor Modification | 2005-09-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Ilja van Sprundel discovered a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 3.3.2-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 3.4.2-3. We recommend that you upgrade your kdebase-bin package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-815 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9388 | |||
| Oval ID: | oval:org.mitre.oval:def:9388 | ||
| Title: | kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | ||
| Description: | kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-2494 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 815-1 (kdebase) File : nvt/deb_815_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2005-251-01 kcheckpass in kdebase File : nvt/esoft_slk_ssa_2005_251_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 19220 | KDE kcheckpass Lockfile Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0582.nasl - Type : ACT_GATHER_INFO |
| 2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0582.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-176-1.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-251-01.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-160.nasl - Type : ACT_GATHER_INFO |
| 2005-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-815.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:22 |
|
