SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   KDE
Vendors:   KDE.org
(Fedora Issues Fix) KDE DCOP Bug Lets Local Users Deny Service
SecurityTracker Alert ID:  1013529
SecurityTracker URL:  http://securitytracker.com/id/1013529
CVE Reference:   CVE-2005-0396
Date:  Mar 23 2005
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 3.4
Description:   A denial of service vulnerability was reported in the KDE Desktop Communication Protocol (DCOP) daemon. A local user can cause the dcopserver to hang.

A local user can stall the DCOP authentication process to cause the dcopserver, which may be used by other users on the system, to lock up. Desktop functionality such as browsing and launching applications may be adversely and significantly affected.

The vendor was notified on February 21, 2005.

Sebastian Krahmer of the SUSE LINUX Security Team reported this vulnerability.

Impact:   A local user can cause the dcopserver to hang, which may affect desktop functionality such as browsing and launching applications for other users.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


Vendor URL:  www.kde.org/info/security/advisory-20050316-1.txt
Cause:   State error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2005 KDE DCOP Bug Lets Local Users Deny Service



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: kdelibs-3.3.1-2.9.FC3


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-245
2005-03-23
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : kdelibs
Version     : 3.3.1
Release     : 2.9.FC3
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------

* Wed Mar 23 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.9.FC3

- Applied patch to fix konqueror international domain name spoofing,
  CAN-2005-0237, #147405
- get rid of broken AltiVec instructions on ppc

* Wed Mar  2 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.8.FC3

- Applied patch to fix DCOP DoS, CAN-2005-0396, #150092
  thanks KDE security team

* Wed Feb 16 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.7.FC3

- Applied patch to fix dcopidlng insecure temporary file usage, 
CAN-2005-0365, #148823


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

c28ef6077f606f12a42cc9353b44dbfb  SRPMS/kdelibs-3.3.1-2.9.FC3.src.rpm
27aa0f9c550e57fecd378e5e7c5aff97  x86_64/kdelibs-3.3.1-2.9.FC3.x86_64.rpm
f2801218b5ff4be23df191f5de57fa42  
x86_64/kdelibs-devel-3.3.1-2.9.FC3.x86_64.rpm
add5d7c4324e4790ee84441237225e88  
x86_64/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.x86_64.rpm
4ef5aaa433f4108d56110118c35e3f7f  x86_64/kdelibs-3.3.1-2.9.FC3.i386.rpm
4ef5aaa433f4108d56110118c35e3f7f  i386/kdelibs-3.3.1-2.9.FC3.i386.rpm
5aca755d133987148fb5885b08daad24  i386/kdelibs-devel-3.3.1-2.9.FC3.i386.rpm
f79bcea56792848db679d141f9bd903b  
i386/debug/kdelibs-debuginfo-3.3.1-2.9.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 



Copyright 2019, SecurityGlobal.net LLC