Vulnerability Bulletins

int(1430)

Vulnerability Bulletins

Vulnerabilidad en KPPP
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Integridad
Dificulty	Avanzado
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	KDE <=3.1.5
Description
Se ha descubierto una vulnerabilidad en la versión 3.1.5 y anteriores de KDE. La vulnerabilidad reside en la aplicación kppp que falla a la hora de cerrar descriptores de archivos privilegiados. La explotación de esta vulnerabilidad podría permitir a un atacante local modificar los archivos /etc/hosts y /etc/resolv.conf con lo que podría alterar la configuración de resolución de nombres del sistema.
Solution
Actualización de software KDE KDE 3.1 - Parche ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdenetwork.diff Red Hat Linux Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor https://rhn.redhat.com/ Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.dsc http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.diff.gz http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_alpha.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_alpha.deb ARM http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_arm.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_i386.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_ia64.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_hppa.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_m68k.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mips.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mipsel.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_powerpc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_s390.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_sparc.deb http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_sparc.deb
Standar resources
Property	Value
CVE	CAN-2005-0205
BID
Other resources
iDEFENSE Security Advisory 02.28.05 ID 208 http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities KDE Security Advisory http://www.kde.org/info/security/advisory-20050228-1.txt Red Hat Security Advisory RHSA-2005:175-06 https://rhn.redhat.com/errata/RHSA-2005-175.html Debian Security Advisory DSA 692-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00071.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-03-01
1.1	Aviso emitido por Red Hat (Advisory RHSA-2005:175-06)	2005-03-04
1.2	Aviso emitido por Debian (DSA 692-1)	2005-03-09

Vulnerability Bulletins

Vulnerabilidad en KPPP

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history