7.2

CVE-2005-2494

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version3.2.0
KdeKde Version3.2.1
KdeKde Version3.2.2
KdeKde Version3.2.3
KdeKde Version3.3.0
KdeKde Version3.3.1
KdeKde Version3.3.2
KdeKde Version3.4.0
KdeKde Version3.4.1
KdeKde Version3.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.351
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff
Patch
http://marc.info/?l=bugtraq&m=112603999215453&w=2
http://marc.info/?l=bugtraq&m=112611555928169&w=2
http://secunia.com/advisories/16692
http://secunia.com/advisories/18139
http://secunia.com/advisories/21481
http://www.debian.org/security/2005/dsa-815
http://www.kde.org/info/security/advisory-20050905-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:160
http://www.redhat.com/support/errata/RHSA-2006-0582.html
http://www.securityfocus.com/bid/14736
http://www.suresec.org/advisories/adv6.pdf
http://www.ubuntu.com/usn/usn-176-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9388