KDE Kommander未明任意脚本执行漏洞

漏洞信息详情

KDE Kommander未明任意脚本执行漏洞

• CNNVD编号：CNNVD-200504-084
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2005-0754
  
• 漏洞类型：
  
  
  资料不足
  
• 发布时间：
  
  2005-04-22
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  ubuntu
• 漏洞来源：
  Dirk Mueller muel…

Kommander是一款用于编辑和解释虚拟对话框并执行对话框操作附带脚本的虚拟编辑器和解释器。

Kommander未经用户确认便执行不可信任位置的数据文件。

由于这些文件可能包含有代码，因此用户可能无意中执行任意代码。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

KDE KDE 3.3

Fedora kdewebdev-3.3.1-2.1.i386.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdewebdev-3.3.1-2.1.x86_64.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdewebdev-debuginfo-3.3.1-2.1.i386.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdewebdev-debuginfo-3.3.1-2.1.x86_64.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdewebdev-devel-3.3.1-2.1.i386.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora kdewebdev-devel-3.3.1-2.1.x86_64.rpm

RedHat Fedora Core 3

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

KDE KDE 3.3.2

KDE post-3.3.2-kdewebdev-kommander.diff

ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdewebdev-komman der.diff

KDE KDE 3.4

KDE post-3.4.0-kdewebdev-kommander.diff

ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-komman der.diff

Ubuntu kdewebdev-doc-html_3.4.0-0ubuntu2.2_all.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kdewebdev- doc-html_3.4.0-0ubuntu2.2_all.deb

Ubuntu kdewebdev_3.4.0-0ubuntu2.2_all.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4. 0-0ubuntu2.2_all.deb

Ubuntu kfilereplace_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3 .4.0-0ubuntu2.2_amd64.deb

Ubuntu kfilereplace_3.4.0-0ubuntu2.2_i386.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3 .4.0-0ubuntu2.2_i386.deb

Ubuntu kfilereplace_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3 .4.0-0ubuntu2.2_powerpc.deb

Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapedito r_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_i386.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapedito r_3.4.0-0ubuntu2.2_i386.deb

Ubuntu kimagemapeditor_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapedito r_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu klinkstatus_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3. 4.0-0ubuntu2.2_amd64.deb

Ubuntu klinkstatus_3.4.0-0ubuntu2.2_i386.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3. 4.0-0ubuntu2.2_i386.deb

Ubuntu klinkstatus_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3. 4.0-0ubuntu2.2_powerpc.deb

Ubuntu kommander-dev_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander- dev_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu kommander-dev_3.4.0-0ubuntu2.2_i386.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander- dev_3.4.0-0ubuntu2.2_i386.deb

Ubuntu kommander-dev_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander- dev_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu kommander_3.4.0-0ubuntu2.2_amd64.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4. 0-0ubuntu2.2_amd64.deb

Ubuntu kommander_3.4.0-0ubuntu2.2_i386.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4. 0-0ubuntu2.2_i386.deb

Ubuntu kommander_3.4.0-0ubuntu2.2_powerpc.deb

Ubuntu 5.04 (Hoary Hedgehog)

http://security.ubuntu.com/ubuntu/pool/main/k/kdewebd

来源: BID

名称: 13313

链接:http://www.securityfocus.com/bid/13313

来源: www.kde.org

链接:http://www.kde.org/info/security/advisory-20050420-1.txt

来源: SECUNIA

名称: 15060

链接:http://secunia.com/advisories/15060

来源: BUGTRAQ

名称: 20050422 [KDE Security Advisory]: Kommander untrusted code execution

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111419664411051&w=2

来源: tp.kde.org

链接:ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff