Boletines de Vulnerabilidades |
Fuga de información en KDE |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Aumento de la visibilidad |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado |
KDE 3.2.x KDE 3.3.0 <= 3.3.2 |
Descripción |
|
KDE guarda las credenciales que introduce un usuario de forma manual o las creadas por el manejador del protocolo SMB, en el archivo sin cifrar ".desktop", que podría ser creado con permisos de lectura para todos los usuarios; esto podría permitir que un usuario local obtuviera nombres de usuarios y contraseñas de fuentes remotas tales como elementos compartidos por SMB. | |
Solución |
|
Aplique los mecanismos de actualización propios de su sistema, o bien descargue las fuentes del software y compílelas usted mismo. Actualización de software KDE KDE 3.3.1 ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdebase-smb.diff ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdelibs-khtml.diff ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.1-kdelibs-kio.diff KDE 3.3.2 ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdelibs-kio.diff KDE 3.2.3 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-smb.diff ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml.diff ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kio.diff Mandrake Linux Mandrake Linux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-common-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kate-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kcontrol-data-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kdeprintfax-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kdm-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kdm-config-file-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-kmenuedit-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-konsole-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-nsplugins-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdebase-progs-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdelibs-common-3.2-36.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-devel-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-kate-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-kate-devel-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-kmenuedit-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-konsole-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-nsplugins-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdebase4-nsplugins-devel-3.2-79.14.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdecore4-3.2-36.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdecore4-devel-3.2-36.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libqt3-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libqt3-devel-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libqt3-mysql-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libqt3-odbc-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libqt3-psql-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/qt3-common-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/qt3-example-3.2.3-19.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kdebase-3.2-79.14.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kdelibs-3.2-36.6.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/qt3-3.2.3-19.5.100mdk.src.rpm Mandrake Linux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-common-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kate-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kcontrol-data-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kdeprintfax-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kdm-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kdm-config-file-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-kmenuedit-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-konsole-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-nsplugins-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdebase-progs-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdelibs-common-3.2-36.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-devel-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-kate-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-kate-devel-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-konsole-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-nsplugins-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdebase4-nsplugins-devel-3.2-79.14.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdecore4-3.2-36.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.noarch.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64qt3-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/qt3-common-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/qt3-example-3.2.3-19.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kdebase-3.2-79.14.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kdelibs-3.2-36.6.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/qt3-3.2.3-19.5.100mdk.src.rpm Mandrake Linux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-common-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kate-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kcontrol-data-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kcontrol-nsplugins-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kdeprintfax-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kdm-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kdm-config-file-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-kmenuedit-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-konsole-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-nsplugins-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdebase-progs-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdelibs-common-3.2.3-98.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-devel-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-kate-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-kate-devel-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-kmenuedit-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdebase4-konsole-3.2.3-134.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdecore4-3.2.3-98.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdecore4-devel-3.2.3-98.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/kdebase-3.2.3-134.3.101mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/kdelibs-3.2.3-98.1.101mdk.src.rpm Mandrake Linux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-common-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kate-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kcontrol-data-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kcontrol-nsplugins-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kdeprintfax-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kdm-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kdm-config-file-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-kmenuedit-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-konsole-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-nsplugins-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdebase-progs-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdelibs-common-3.2.3-98.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-devel-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-kate-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-kate-devel-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-kmenuedit-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdebase4-konsole-3.2.3-134.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdecore4-3.2.3-98.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-98.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/kdebase-3.2.3-134.3.101mdk.src.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/kdelibs-3.2.3-98.1.101mdk.src.rpm |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2004-1171 |
BID | 11866 |
Recursos adicionales |
|
KDE Security Advisory (20041209-1) http://www.kde.org/info/security/advisory-20041209-1.txt |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2004-12-13 |
1.1 | Aviso emitido por Mandrake Linux (MDKSA-2004:150) | 2004-12-20 |