|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2002:042: kdenetwork Vulnerability Assessment Details
|
SUSE-SA:2002:042: kdenetwork |
||
Check for the version of the kdenetwork package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory SUSE-SA:2002:042 (kdenetwork). During a security review, the SUSE security team has found two vulnerabilities in the KDE lanbrowsing service. LISa is used to identify CIFS and other servers on the local network, and consists of two main modules: 'lisa', a network daemon, and 'reslisa', a restricted version of the lisa daemon. LISa can be accessed in KDE using the URL type 'lan://', and resLISa using the URL type 'rlan://'. LISA will obtain information on the local network by looking for an existing LISA server on other local hosts, and if there is one, it retrieves the list of servers from it. If there is no other LISA server, it will scan the network itself. SUSE LINUX can be configured to run the lisa daemon at system boot time. The daemon is not started by default, however. The first vulnerability found is a buffer overflow in the lisa daemon, and can be exploited by a possible hacker on the local network to obtain root privilege on a machine running the lisa daemon. It is not exploitable on a default installation of SUSE LINUX, because the lisa daemon is not started by default. The second vulnerability is a buffer overflow in the lan:// URL handler. It can possibly be exploited by remote attackers to gain access to the victim user's account, for instance by causing the user to follow a bad lan:// link in a HTML document. This update provides fixes for SUSE LINUX 7.2 and 7.3. Previous updates already corrected the vulnerability in SUSE LINUX 8.0, and SUSE LINUX 8.1 contains the fix already. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update. Solution : http://www.suse.de/security/2002_042_kdenetwork.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
IBM 7944AC1 System x3550 M3 Server 1*Intel Xeon X5650 2.67GHz 4GB SEE NOTES
$27.25
IBM Power S822 12-Bay Server System Power8 Core 3.42Ghz DVD-Rom Drive 64GB No HD
$399.99
IBM Power 720 POWER7 00E6516 3.6GHz CPU 64GB RAM Server
$209.98
IBM SYSTEM x3200 M2 Server - HDD wiped, No OS
$75.00
$16000.00
IBM Lenovo X3650 M5 2U 8x 2.5” CTO Rack Server – 2x HS, 2x 750W
$199.00
IBM Power S822 8284-22A 12SFF Power8 3.89GHz 6-Core 64GB RAM No Bezel/HDD Server
$319.99
IBM System x3250 M4 Server Intel Xeon E3-1220 3.10GHz 8GB RAM No HDDs
$84.99
IBM 8203 E4A p520 Server 8203-E4A 4.2GHz 2-Core POWER6 32GB RAM / NO HDD USED
$99.99
IBM System X3650 Server M2 2 x Xeon X5570 2.93 Ghz w/128 GB/DVDRW
$169.99
|
||
No Discussions have been posted on this vulnerability. |