Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-0205

Published: 02/05/2005 Updated: 11/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Kde

Vulnerability Summary

KPPP 2.1.2 in KDE 3.1.5 and previous versions, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.

Vulnerable Product Search on Vulmon Subscribe to Product

kde kde 3.1.1

kde kde 3.1.2

bernd wuebben kppp 2.1.2

kde kde 3.1

kde kde 3.1.3

kde kde 3.1.4

kde kde 3.1.5

Vendor Advisories

Red Hat: kdenetwork security update
Synopsis kdenetwork security update Type/Severity Security Advisory: Low Topic Updated kdenetwork packages that fix a file descriptor leak are now availableThis update has been rated as having low security impact by the Red HatSecurity Response Team Description The kdenetwork packages cont ...
Debian Security Advisories: DSA-692-1 kdenetwork -- design flaw
The KDE team fixed a bug in kppp in 2002 which was now discovered to be exploitable by iDEFENSE By opening a sufficiently large number of file descriptors before executing kppp which is installed setuid root a local attacker is able to take over privileged file descriptors For the stable distribution (woody) this problem has been fixed in version ...

References

NVD-CWE-Otherhttp://www.idefense.com/application/poi/display?id=208&type=vulnerabilitieshttp://www.kde.org/info/security/advisory-20050228-1.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934http://www.debian.org/security/2005/dsa-692http://www.redhat.com/support/errata/RHSA-2005-175.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596https://access.redhat.com/errata/RHSA-2005:175https://nvd.nist.govhttps://www.debian.org/security/./dsa-692
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook