KDE KPF Icon选项文件泄露漏洞

漏洞信息详情

KDE KPF Icon选项文件泄露漏洞

• CNNVD编号：CNNVD-200210-283
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1224
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2002-10-28
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  kde
• 漏洞来源：
  Vulnerability anno…

KDE 3.0.1版本到KDE 3.0.3a版本的kpf存在目录遍历漏洞。远程攻击者可以借助带修改的icon参数的URL作为kpf用户读取任意文件。

RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes are available in the referenced advisory.
A patch is available and the issue has been addressed in the latest KDE release:
KDE KDE 3.0.1

• KDE KDE 3.0.4
  
  http://download.kde.org/stable/3.0.4

KDE KDE 3.0.2

• KDE KDE 3.0.4
  
  http://download.kde.org/stable/3.0.4

KDE KDE 3.0.3

• KDE KDE 3.0.4
  
  http://download.kde.org/stable/3.0.4
• KDE post-3.0.3-kdenetwork-kpf.diff
  ftp://ftp.kde.org/pub/kde/security_patches

KDE KDE 3.0.3 a

• KDE KDE 3.0.4
  
  http://download.kde.org/stable/3.0.4
• KDE post-3.0.3-kdenetwork-kpf.diff
  ftp://ftp.kde.org/pub/kde/security_patches

来源: BID
名称: 5951
链接:http://www.securityfocus.com/bid/5951

来源: www.kde.org
链接:http://www.kde.org/info/security/advisory-20021008-2.txt

来源: BUGTRAQ
名称: 20021009 KDE Security Advisory: kpf Directory traversal
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html

来源: XF
名称: kpf-icon-view-files(10347)
链接:http://www.iss.net/security_center/static/10347.php

来源: REDHAT
名称: RHSA-2002:220
链接:http://www.redhat.com/support/errata/RHSA-2002-220.html

来源: BUGTRAQ
名称: 20021011 Security hole in kpf – KDE personal fileserver.
链接:http://online.securityfocus.com/archive/1/294991