Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

RHSA-2002-221: arts

Vulnerability Assessment Summary
Check for the version of the arts packages

Detailed Explanation for this Vulnerability Assessment


A number of vulnerabilities have been found that affect various versions of
KDE. This errata provides updates for these issues.

KDE is a graphical desktop environment for workstations. A number
of vulnerabilities have been found in various versions of KDE.

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not
verify the Basic Constraints for an intermediate CA-signed certificate,
which permits remote attackers to spoof the certificates of trusted
sites via a man-in-the-middle attack. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2002-0970 to this issue.

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames
and sub-iframes, which can permit remote attackers to execute scripts
and steal cookies from subframes that are in other domains. (CVE-2002-1151)

Multiple buffer overflows exist in the KDE LAN browsing implementation:
the reslisa daemon contains a buffer overflow vulnerability which could
be exploited if the reslisa binary is SUID root. Additionally, the lisa
daemon contains a vulnerability which potentially enables any local
user, as well as any remote attacker on the LAN who is able to gain
control of the LISa port (7741 by default), to obtain root rights.
In Red Hat Linux reslisa is not SUID root and lisa services are not
automatically started. (CVE-2002-1247, CVE-2002-1306)

Red Hat Linux Advanced Server 2.1 provides KDE version 2.2.2 and is
therefore vulnerable to these issues. This errata provides new kdelibs and
kdenetworks packages which contain patches to correct these issues.

Please note that there are two additional vulnerabilities that affect
KDE 2.x which are not fixed by this errata. A vulnerability in the rlogin
KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4
and earlier, permits local and remote attackers to execute arbitrary code
via a carefully crafted URL (CVE-2002-1281). A similar vulnerability
affects the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and
later (CVE-2002-1282).

At this time, Red Hat recommends disabling both the rlogin and telnet
KIO protocols as a workaround. To disable both protocols, execute
these commands while logged in as root:

rm /usr/share/services/rlogin.protocol
rm /usr/share/services/telnet.protocol
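
To confirm the workaround across hosts or mounted images, the following added example (not part of the Red Hat advisory or the original check script) reports whether either protocol file is still present and whether a reslisa binary carries the setuid bit. The function name, the optional ROOT prefix argument and the list of directories searched for reslisa are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the advisory: audit a tree for the two conditions
# the advisory text describes.
#
# audit_kde_workaround [ROOT]
#   ROOT is a hypothetical prefix (default: /) so a mounted image or a test
#   tree can be audited instead of the live system.
#   Prints one finding per line; returns 0 when there are no findings.
audit_kde_workaround() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    findings=0

    # Workaround check: both KIO protocol files named in the advisory
    # must have been removed.
    for proto in rlogin telnet; do
        f="$root/usr/share/services/$proto.protocol"
        if [ -e "$f" ]; then
            echo "PRESENT $f"
            findings=$((findings + 1))
        fi
    done

    # reslisa exposure check. The advisory gives no install path, so the
    # directory list below is an assumption. The setuid bit is flagged
    # regardless of owner, which is stricter than "SUID root".
    for dir in usr/bin usr/sbin bin sbin; do
        b="$root/$dir/reslisa"
        if [ -f "$b" ] && [ -u "$b" ]; then
            echo "SETUID $b"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Calling `audit_kde_workaround` with no argument checks the running system; a non-zero exit status means at least one finding was printed.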




Solution : http://rhn.redhat.com/errata/RHSA-2002-221.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
