CVE-2004-0689
https://notcve.org/view.php?id=CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.debian.org/security/2004/dsa-539 http://www.kde.org/info/security/advisory-20040811-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 https://access.redhat.com/se • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2003-0692
https://notcve.org/view.php?id=CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. KDM en KDE 3.1.3 y anteriores usa un algoritmo de generación de galletita (cookie) de sesión débil, que no tiene 128 bits de entropía, lo que permite a atacantes adivinar galletitas de sesión mediante métodos de fuerza bruta y ganar acceso a la sesión del usuario. • http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www.redhat.com/support/errata/RHSA-2003-288.html https •
CVE-2003-0690
https://notcve.org/view.php?id=CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. KDM en KDE 3.1.3 y anteriores no verifica si la llamada a la función pam_setcred tiene éxito, lo que podría permitir a atacantes ganar privilegios de root disparando condiciones de error en módulo PAM, como se demostró en ciertas configuraciones del módulo pam_krb5 del MIT. • http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.debian.org/security/2004/dsa-443 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www. •
CVE-2003-0370
https://notcve.org/view.php?id=CVE-2003-0370
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror Embedded y KDE 2.2.2 y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitiría que atacantes remotos falsifiquen certificados mediante un ataque "man-in-the-middle". • http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030602-1.txt http://www.redhat.com/support/errata/RHSA-2003-192.html http://www.redhat.com/support/errata/RHSA-2003-193.html http://www.securityfocus.com/archive/1/320707 http://www.securityfocus.com/bid/7520 http://www.turbolinux.com/security/TLSA-2003-36.txt https://access.redhat.com/security/cve/CVE-2003 •
CVE-2002-1223
https://notcve.org/view.php?id=CVE-2002-1223
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. Desbordamiento de búfer en el procesador (parser) DSC 3.0 de GSView usado en KGhostView en KDE 1.1 y KDE 3.0.3a, puede permitir a atacantes causar una denegación de servicio o ejecutar código arbitrario mediante un fichero de entrada PostScript (.ps) modificado. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1 http://www.ciac.org/ciac/bulletins/n-155.shtml http://www.iss.net/security_center/static/11319.php http://www.kde.org/info/security/advisory-20021008-1.txt http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071 http://www.redhat.com/support/errata/RHSA-2002-220.html •