Vulnerability Name: CVE-2005-0205 (CCN-19524)

Assigned: 2005-02-28
Published: 2005-02-28
Updated: 2017-10-11
Summary: KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:

Source: CCN
Type: KDE Security patch ftp site
KDE Security patch ftp index

Source: MITRE
Type: CNA
CVE-2005-0205

Source: CONECTIVA
Type: Patch
CLA-2005:934

Source: CCN
Type: KDE Web site
K Desktop Environment

Source: CCN
Type: RHSA-2005-175
kdenetwork security update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-151
kdenetwork Package Vulnerability

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-692

Source: DEBIAN
Type: DSA-692
kdenetwork -- design flaw

Source: IDEFENSE
Type: Patch, Vendor Advisory
20050228 KPPP Privileged File Descriptor Leak Vulnerability

Source: CCN
Type: iDEFENSE Security Advisory: 02.28.05
KPPP Privileged File Descriptor Leak Vulnerability

Source: CCN
Type: KDE Security Advisory 20050228-1
kppp Privileged fd Leak Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20050228-1.txt

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:175

Source: CCN
Type: BID-12677
KPPP Privileged File Descriptor Leakage Vulnerability

Source: XF
Type: UNKNOWN
kde-kppp-domain-resolution-hijack(19524)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9596

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:bernd_wuebben:kppp:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.1.5:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:kde:kde:3.1.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:9596 | V | zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. | 2013-04-29
oval:org.debian:def:692 | V | design flaw | 2005-03-08
oval:com.redhat.rhsa:def:20050175 | P | RHSA-2005:175: kdenetwork security update (Low) | 2005-03-03

    bernd_wuebben kppp 2.1.2
    kde kde 3.1
    kde kde 3.1.1
    kde kde 3.1.2
    kde kde 3.1.3
    kde kde 3.1.4
    kde kde 3.1.5
    kde kde 3.1.5
    debian debian linux 3.0
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat linux advanced workstation 2.1