Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2002:042: kdenetwork


Vulnerability Assessment Details

SUSE-SA:2002:042: kdenetwork

Vulnerability Assessment Summary
Check for the version of the kdenetwork package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2002:042 (kdenetwork).


During a security review, the SUSE security team has found two
vulnerabilities in the KDE lanbrowsing service.

LISa is used to identify CIFS and other servers on the local
network, and consists of two main modules: 'lisa', a network daemon,
and 'reslisa', a restricted version of the lisa daemon. LISa can
be accessed in KDE using the URL type 'lan://', and resLISa using
the URL type 'rlan://'.

LISA will obtain information on the local network by looking for
an existing LISA server on other local hosts, and if there is one,
it retrieves the list of servers from it. If there is no other LISA
server, it will scan the network itself.

SUSE LINUX can be configured to run the lisa daemon at system boot
time. The daemon is not started by default, however.

The first vulnerability found is a buffer overflow in the lisa
daemon, and can be exploited by a possible hacker on the local network
to obtain root privilege on a machine running the lisa daemon.
It is not exploitable on a default installation of SUSE LINUX,
because the lisa daemon is not started by default.

The second vulnerability is a buffer overflow in the lan:// URL
handler. It can possibly be exploited by remote attackers to gain
access to the victim user's account, for instance by causing the
user to follow a bad lan:// link in a HTML document.

This update provides fixes for SUSE LINUX 7.2 and 7.3. Previous
updates already corrected the vulnerability in SUSE LINUX 8.0,
and SUSE LINUX 8.1 contains the fix already.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply
the update.

Solution : http://www.suse.de/security/2002_042_kdenetwork.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors


1PC Matching pair Xeon CPU Processor X5660 X5670 X5675 X5680 X5690 LGA1366 picture

1PC Matching pair Xeon CPU Processor X5660 X5670 X5675 X5680 X5690 LGA1366

$35.13



Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc... picture

Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc...

$331.99



Intel - Core i7-12700K Desktop Processor 12 (8P+4E) Cores up to 5.0 GHz Unloc... picture

Intel - Core i7-12700K Desktop Processor 12 (8P+4E) Cores up to 5.0 GHz Unloc...

$236.99



Intel 6 Core i5-8600 3.1GHZ Desktop Processor SR3X0 picture

Intel 6 Core i5-8600 3.1GHZ Desktop Processor SR3X0

$50.00



Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc... picture

Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...

$539.99



Intel Core i5-6500 Quad-Core Processor 3.2 GHz 6MB LGA1151 picture

Intel Core i5-6500 Quad-Core Processor 3.2 GHz 6MB LGA1151

$23.99



Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc... picture

Intel - Core i7-14700K 14th Gen 20-Core 28-Thread - 4.3GHz (5.6GHz Turbo) Soc...

$399.99



Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ... picture

Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ...

$519.99



Intel Core i3-12100F Processor (4.3 GHz, 4 Cores, LGA 1700) Box - BX8071512100F picture

Intel Core i3-12100F Processor (4.3 GHz, 4 Cores, LGA 1700) Box - BX8071512100F

$83.50



AMD EPYC 7282 cpu processor 16 cores 32 threads 2.8GHZ up to 3.2GHZ 120w picture

AMD EPYC 7282 cpu processor 16 cores 32 threads 2.8GHZ up to 3.2GHZ 120w

$78.00



Discussions

No Discussions have been posted on this vulnerability.