Boletines de Vulnerabilidades |
Vulnerabilidad en KPPP |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Integridad |
| Dificultad | Avanzado |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | GNU/Linux |
| Software afectado | KDE <=3.1.5 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en la versión 3.1.5 y anteriores de KDE. La vulnerabilidad reside en la aplicación kppp que falla a la hora de cerrar descriptores de archivos privilegiados. La explotación de esta vulnerabilidad podría permitir a un atacante local modificar los archivos /etc/hosts y /etc/resolv.conf con lo que podría alterar la configuración de resolución de nombres del sistema. |
|
Solución |
|
|
Actualización de software KDE KDE 3.1 - Parche ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdenetwork.diff Red Hat Linux Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor https://rhn.redhat.com/ Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.dsc http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.diff.gz http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_alpha.deb ARM http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2005-0205 |
| BID | |
Recursos adicionales |
|
|
iDEFENSE Security Advisory 02.28.05 ID 208 http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities KDE Security Advisory http://www.kde.org/info/security/advisory-20050228-1.txt Red Hat Security Advisory RHSA-2005:175-06 https://rhn.redhat.com/errata/RHSA-2005-175.html Debian Security Advisory DSA 692-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00071.html |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2005-03-01 |
| 1.1 | Aviso emitido por Red Hat (Advisory RHSA-2005:175-06) | 2005-03-04 |
| 1.2 | Aviso emitido por Debian (DSA 692-1) | 2005-03-09 |