KDE Kommander Arbitrary Script Execution Vulnerability
BID:13313
Info
| Bugtraq ID: | 13313 |
| Class: | Unknown |
| CVE: | CVE-2005-0754 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovered by Eckhart Wörner. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.04 powerpc; Ubuntu Ubuntu Linux 5.04 i386; Ubuntu Ubuntu Linux 5.04 amd64; Ubuntu Ubuntu Linux 4.1 ppc; Ubuntu Ubuntu Linux 4.1 ia64; Ubuntu Ubuntu Linux 4.1 ia32; Redhat Fedora Core 3; KDE Quanta 3.1; KDE KDE 3.4; KDE KDE 3.3.2; KDE KDE 3.3.1; KDE KDE 3.3; KDE KDE 3.2.3; KDE KDE 3.2.2; KDE KDE 3.2.1; KDE KDE 3.2; Gentoo Linux |
| Not Vulnerable: | |
Discussion
KDE Kommander is prone to a vulnerability that could allow arbitrary script code to be executed without user interaction. Such code would execute in the security context of the user running Kommander.
This issue was reported to affect Quanta 3.1.x and KDE from 3.2 to 3.4.0.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Ubuntu has released an advisory (USN-115-1) and fixes to address this issue. Please see the referenced advisory for further information.
Fedora advisory FEDORA-2005-345 for Fedora Core 3 is available to address this issue. Fixes may be installed using the Red Hat Update Agent; this can be accomplished using the 'up2date' command. Please see the referenced advisory for more information.
Gentoo has released advisory GLSA 200504-23 and a fix to address this issue. To obtain the upgrade, enter the following:
emerge --sync
emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r1"
Fixes are available.
Conectiva Linux has released advisory CLA-2005:953 to address this and other issues. Please see the referenced advisory for further information.
Gentoo has updated advisory GLSA 200504-23 to GLSA 200504-23:02. This advisory includes updated packages to address this issue. The previous fixes did not properly address this issue. To obtain the upgrade, enter the following:
emerge --sync
emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"
KDE KDE 3.3
- Fedora kdewebdev-3.3.1-2.1.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora kdewebdev-3.3.1-2.1.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora kdewebdev-debuginfo-3.3.1-2.1.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora kdewebdev-debuginfo-3.3.1-2.1.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora kdewebdev-devel-3.3.1-2.1.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora kdewebdev-devel-3.3.1-2.1.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
KDE KDE 3.3.2
- KDE post-3.3.2-kdewebdev-kommander.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdewebdev-kommander.diff
KDE KDE 3.4
- KDE post-3.4.0-kdewebdev-kommander.diff
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff
- Ubuntu kdewebdev-doc-html_3.4.0-0ubuntu2.2_all.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kdewebdev-doc-html_3.4.0-0ubuntu2.2_all.deb
- Ubuntu kdewebdev_3.4.0-0ubuntu2.2_all.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2_all.deb
- Ubuntu kfilereplace_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu kfilereplace_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu kfilereplace_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu klinkstatus_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu klinkstatus_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu klinkstatus_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu kommander-dev_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu kommander-dev_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu kommander-dev_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu kommander_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu kommander_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu kommander_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu kxsldbg_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu kxsldbg_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu kxsldbg_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_powerpc.deb
- Ubuntu quanta-data_3.4.0-0ubuntu2.2_all.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta-data_3.4.0-0ubuntu2.2_all.deb
- Ubuntu quanta_3.4.0-0ubuntu2.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_amd64.deb
- Ubuntu quanta_3.4.0-0ubuntu2.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_i386.deb
- Ubuntu quanta_3.4.0-0ubuntu2.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_powerpc.deb