FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0690

This CVE name corresponds to:

Entered Topic
2004-08-12 kdelibs insecure temporary file handling

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0690 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0690
Phase Assigned(20040713)

Description

The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.

References

Source Reference
BUGTRAQ 20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities
CONFIRM http://www.kde.org/info/security/advisory-20040811-2.txt
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386
CONECTIVA CLA-2004:864
GENTOO 200408-13
MANDRAKE MDKSA-2004:086
CERT-VN VU#330638
BID 10924
SECUNIA 12276
XF kde-dcopserver-symlink(16962)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.