KPhone Local Information Disclosure Vulnerability
BID:18049
CVE-2006-2442
Info
| Bugtraq ID: | 18049 |
| Class: | Design Error |
| CVE: | CVE-2006-2442 |
| Remote: | No |
| Local: | Yes |
| Published: | May 19 2006 12:00AM |
| Updated: | Jun 21 2006 07:35PM |
| Credit: | Sven Dreyer <[email protected]> discovered this issue. |
| Vulnerable: | Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; KPhone KPhone 4.2 |
| Not Vulnerable: | |
Discussion
KPhone is susceptible to a local information-disclosure vulnerability. This issue is due to the application's failure to ensure that files containing sensitive information are properly secured.
This issue allows local attackers to gain access to potentially sensitive information, including SIP configuration and passwords. This may aid them in further attacks.
KPhone version 4.2 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Attackers use standard system utilities to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Please see the referenced third-party advisories for details on obtaining and applying fixes.
KPhone KPhone 4.2
- Mandriva kphone-4.2-5.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0: kphone-4.2-5.1.20060mdk.i586.rpm
- Mandriva kphone-4.2-5.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64: kphone-4.2-5.1.20060mdk.i586.rpm
References
References:
- Debian Bug report logs - #337830 (Debian)
- KPhone Homepage (KPhone)