Advertisement

Latest News

[ Windows | Linux | Apple ]

· Libreoffice 4.0.3 released and PPA installation instructions included
· MySQL 5.5.31 for Debian Squeeze
· Gigabyte Intel Z87 Motherboard Lineup Preview and more
· Microsoft to roll out Xbox dashboard UI alterations before next-gen console
· Adobe Photoshop Express now available for Windows 8 and RT
· GNOME 3.8.2 Released
· Windows 8 is an enterprise 'non-starter' because IT sees no value in changes
· What to Expect from Unity in Ubuntu 13.10
· Analysts praise Nokia's new Lumia 925
· Best Business Laptops - May 2013 and more

Upcoming News

· Crucial M500 480GB SSD Review
· NZXT H630 Ultra Tower Chassis Review
· Thermaltake Armor Revo Gene Mid Tower Computer Case Review @ Hi Tech Legion
· News: Gigabyte offers early peek at Z87 motherboards
· Mionix Naos 8200 Gaming mouse @ Rbmods
· [Tech ARP] BIOS Option Of The Week - ISA Shared Memory
· What To Expect From The Next iPhone @ ThinkComputers.org
· Mad Catz R.A.T.M Wireless Mobile Gaming Mouse
· Sumo Lounge Emperor
· Gigabyte Intel Z87 Motherboard Lineup Preview

Linux Compatibility

· Dell Dimension 9100
· CL-CAM50001 UPC=3700284609322
· DFE 520 TX
· nVidia GeForce4 MX 440
· Gore: Ultimate Soldier
· SMC2802W V2 wi-fi 54Mbps PCI card
· Wireless modem router N300
· Dell P780
· ASUS A7V8X
· BricsCAD for Linux

New Forum Topics

· shutdown link ?
by: estirwent
on: 2013-05-11 17:46
18 replies, 6348 views

· Laptop keyboard drank soda
by: Zenn
on: 2013-04-30 00:27
1 replies, 642 views

· connecting to to internet with ubuntu
by: Zenn
on: 2013-04-30 00:26
2 replies, 4502 views

· Need Linux-compatible PS/2 expansion card
by: Zenn
on: 2013-04-30 00:26
1 replies, 708 views

· irql_not_less_or_equal blue screen
by: Zenn
on: 2013-04-30 00:25
2 replies, 1097 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

KDE Security Advisory: langen2kvtml temp file vulnerability

Posted by Philipp Esselbach on: 08/15/2005 05:31 AM [ Print | 0 comment(s) ]

KDE Security Advisory: langen2kvtml tempfile vulnerability
Original Release Date: 2008-08-15
URL: http://www.kde.org/info/security/advisory-20050815-1.txt

0. References

CAN-2005-2101

1. Systems affected:

All KDE releases starting from KDE 3.0 up to including
KDE 3.4.2.

2. Overview:

Ben Burton notified the KDE security team about several
tempfile handling related vulnerabilities in langen2kvtml,
a conversion script for kvoctrain. This vulnerability was
initially discovered by Javier Fernendez-Sanguino Pefa.

The script uses known filenames in /tmp which allow an
local attacker to overwrite files writeable by the
user (manually) invoking the conversion script.

3. Impact:

A local file can overwrite files and possibly elevate
privileges.

4. Solution:

Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.

5. Patch:

Patch for KDE 3.4.2 is available from

ftp://ftp.kde.org/pub/kde/security_patches :

0e82c5810df3b04370188ba13cc50203 post-3.4.2-kdeedu.diff

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2013 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition