Rapid7 Vulnerability & Exploit Database

RHSA-2002:220: Updated KDE packages fix security issues

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 11/29/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

A number of vulnerabilities have been found that affect various versions of KDE. This errata provides updates which resolve these issues.

KDE is a graphical desktop environment for the X Window System. A number of vulnerabilities have been found in various versions of KDE.

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate. This allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0970 to this issue.

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, potentially allowing remote attackers to steal the cookie via sniffing. (CAN-2002-1152)

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute scripts and steal cookies from subframes that are in other domains. (CAN-2002-1151)

kpf is a file sharing utility that can be docked into the KDE kicker bar. It uses a subset of the HTTP protocol internally and acts in a manner very similar to a Web server. A feature added in KDE 3.0.1 accidentally allowed retrieving any file, not limited to the configured shared directory, if it is readable by the user under which kpf runs. (CAN-2002-1224)

KGhostview includes a parser from GSview, which is vulnerable to a buffer overflow while parsing a specially crafted .ps input file. (CAN-2002-1223) It also contains code from gv 3.5.x which is vulnerable to another buffer overflow triggered by malformed PostScript or Adobe PDF files. (CAN-2002-0838)

A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a carefully crafted URL. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-1281 to this issue. A similar vulnerability affects KDE version 2.x through the telnet KIO subsystem (telnet.protocol). (CAN-2002-1282)

Multiple buffer overflows exist in the KDE LAN browsing implementation; the resLISa daemon contains a buffer overflow vulnerability which could be exploited if the reslisa binary is SUID root. Additionally, the lisa daemon contains a vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In Red Hat Linux, reslisa is not SUID root and lisa services are not automatically started. (CAN-2002-1247, CAN-2002-1306)

Red Hat Linux 8.0 shipped with KDE 3.0.3 and is therefore vulnerable to CAN-2002-0838, CAN-2002-1151, CAN-2002-1223, CAN-2002-1224, CAN-2002-1247, and CAN-2002-1281. This errata includes new kdelibs and kdenetwork packages which contain patches to correct these issues.

Red Hat Linux 7.3 shipped with KDE 3.0.0 and is therefore vulnerable to CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1152, CAN-2002-1223, CAN-2002-1247, CAN-2002-1281, and CAN-2002-1306. This errata upgrades Red Hat Linux 7.3 to KDE 3.0.3 with patches to correct these issues.

Red Hat Linux 7.2 shipped with KDE version 2.2.2 and is therefore vulnerable to CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1223, CAN-2002-1247, and CAN-2002-1306. This errata provides new kdelibs and kdenetwork packages which contain patches to correct these issues.

Red Hat Linux 7.2 is also vulnerable to CAN-2002-1281 and CAN-2002-1282, but these vulnerabilities are not fixed by these errata packages. At the present time Red Hat recommends disabling both the rlogin and telnet KIO protocols as a workaround. To disable both protocols, execute these commands:

    rm /usr/share/services/rlogin.protocol
    rm /usr/share/services/telnet.protocol

Solution(s)

  • redhat-upgrade-ark
  • redhat-upgrade-arts
  • redhat-upgrade-arts-devel
  • redhat-upgrade-cervisia
  • redhat-upgrade-kaboodle
  • redhat-upgrade-kamera
  • redhat-upgrade-karm
  • redhat-upgrade-kcalc
  • redhat-upgrade-kcharselect
  • redhat-upgrade-kcoloredit
  • redhat-upgrade-kde-i18n-afrikaans
  • redhat-upgrade-kde-i18n-brazil
  • redhat-upgrade-kde-i18n-british
  • redhat-upgrade-kde-i18n-catalan
  • redhat-upgrade-kde-i18n-chinese
  • redhat-upgrade-kde-i18n-chinese-big5
  • redhat-upgrade-kde-i18n-czech
  • redhat-upgrade-kde-i18n-danish
  • redhat-upgrade-kde-i18n-dutch
  • redhat-upgrade-kde-i18n-estonian
  • redhat-upgrade-kde-i18n-finnish
  • redhat-upgrade-kde-i18n-french
  • redhat-upgrade-kde-i18n-german
  • redhat-upgrade-kde-i18n-greek
  • redhat-upgrade-kde-i18n-hebrew
  • redhat-upgrade-kde-i18n-hungarian
  • redhat-upgrade-kde-i18n-icelandic
  • redhat-upgrade-kde-i18n-italian
  • redhat-upgrade-kde-i18n-japanese
  • redhat-upgrade-kde-i18n-korean
  • redhat-upgrade-kde-i18n-norwegian
  • redhat-upgrade-kde-i18n-norwegian-nynorsk
  • redhat-upgrade-kde-i18n-polish
  • redhat-upgrade-kde-i18n-portuguese
  • redhat-upgrade-kde-i18n-romanian
  • redhat-upgrade-kde-i18n-russian
  • redhat-upgrade-kde-i18n-serbian
  • redhat-upgrade-kde-i18n-slovak
  • redhat-upgrade-kde-i18n-slovenian
  • redhat-upgrade-kde-i18n-spanish
  • redhat-upgrade-kde-i18n-swedish
  • redhat-upgrade-kde-i18n-turkish
  • redhat-upgrade-kde-i18n-ukrainian
  • redhat-upgrade-kdeaddons-kate
  • redhat-upgrade-kdeaddons-kicker
  • redhat-upgrade-kdeaddons-knewsticker
  • redhat-upgrade-kdeaddons-konqueror
  • redhat-upgrade-kdeaddons-noatun
  • redhat-upgrade-kdeadmin
  • redhat-upgrade-kdeartwork
  • redhat-upgrade-kdeartwork-kworldclock
  • redhat-upgrade-kdeartwork-locolor
  • redhat-upgrade-kdeartwork-screensavers
  • redhat-upgrade-kdebase
  • redhat-upgrade-kdebase-devel
  • redhat-upgrade-kdebindings
  • redhat-upgrade-kdebindings-devel
  • redhat-upgrade-kdebindings-kmozilla
  • redhat-upgrade-kdegames
  • redhat-upgrade-kdegames-devel
  • redhat-upgrade-kdegraphics
  • redhat-upgrade-kdegraphics-devel
  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-devel
  • redhat-upgrade-kdelibs-sound
  • redhat-upgrade-kdelibs-sound-devel
  • redhat-upgrade-kdemultimedia-arts
  • redhat-upgrade-kdemultimedia-devel
  • redhat-upgrade-kdemultimedia-kfile
  • redhat-upgrade-kdemultimedia-libs
  • redhat-upgrade-kdenetwork
  • redhat-upgrade-kdenetwork-devel
  • redhat-upgrade-kdenetwork-libs
  • redhat-upgrade-kdenetwork-ppp
  • redhat-upgrade-kdepasswd
  • redhat-upgrade-kdepim
  • redhat-upgrade-kdepim-cellphone
  • redhat-upgrade-kdepim-devel
  • redhat-upgrade-kdepim-pilot
  • redhat-upgrade-kdesdk-gimp
  • redhat-upgrade-kdesdk-kapptemplate
  • redhat-upgrade-kdesdk-kbabel
  • redhat-upgrade-kdesdk-kbugbuster
  • redhat-upgrade-kdesdk-kmtrace
  • redhat-upgrade-kdesdk-kompare
  • redhat-upgrade-kdesdk-kspy
  • redhat-upgrade-kdessh
  • redhat-upgrade-kdetoys
  • redhat-upgrade-kdeutils-laptop
  • redhat-upgrade-kdevelop
  • redhat-upgrade-kdf
  • redhat-upgrade-kdict
  • redhat-upgrade-kdvi
  • redhat-upgrade-kedit
  • redhat-upgrade-keduca
  • redhat-upgrade-kfax
  • redhat-upgrade-kfile-pdf
  • redhat-upgrade-kfile-png
  • redhat-upgrade-kfloppy
  • redhat-upgrade-kfract
  • redhat-upgrade-kgeo
  • redhat-upgrade-kghostview
  • redhat-upgrade-khexedit
  • redhat-upgrade-kiconedit
  • redhat-upgrade-kit
  • redhat-upgrade-kjots
  • redhat-upgrade-klettres
  • redhat-upgrade-kljettool
  • redhat-upgrade-klpq
  • redhat-upgrade-klprfax
  • redhat-upgrade-kmail
  • redhat-upgrade-kmessedwords
  • redhat-upgrade-kmid
  • redhat-upgrade-kmidi
  • redhat-upgrade-kmix
  • redhat-upgrade-knewsticker
  • redhat-upgrade-knode
  • redhat-upgrade-knotes
  • redhat-upgrade-koncd
  • redhat-upgrade-kooka
  • redhat-upgrade-korn
  • redhat-upgrade-kpaint
  • redhat-upgrade-kpf
  • redhat-upgrade-kppp
  • redhat-upgrade-kregexpeditor
  • redhat-upgrade-kregexpeditor-devel
  • redhat-upgrade-kruler
  • redhat-upgrade-kscd
  • redhat-upgrade-ksirc
  • redhat-upgrade-ksnapshot
  • redhat-upgrade-kstars
  • redhat-upgrade-ktalkd
  • redhat-upgrade-ktimer
  • redhat-upgrade-ktouch
  • redhat-upgrade-kuickshow
  • redhat-upgrade-kview
  • redhat-upgrade-kviewshell
  • redhat-upgrade-kviewshell-devel
  • redhat-upgrade-kvoctrain
  • redhat-upgrade-kxmlrpcd
  • redhat-upgrade-libkscan
  • redhat-upgrade-libkscan-devel
  • redhat-upgrade-lisa
  • redhat-upgrade-noatun
  • redhat-upgrade-qt
  • redhat-upgrade-qt-designer
  • redhat-upgrade-qt-devel
  • redhat-upgrade-qt-mysql
  • redhat-upgrade-qt-odbc
  • redhat-upgrade-qt-postgresql
  • redhat-upgrade-qt-static
  • redhat-upgrade-qt-xt
