Detections
Analytics
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
high Nessus Plugin ID 48171
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Multiple vulnerabilities was discovered and corrected in kdelibs4 :KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \'\0\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702).
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).
The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689).
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 48171
File Name: mandriva_MDVSA-2010-028.nasl
Version: 1.19
Type: local
Family: Mandriva Local Security Checks
Published: 7/30/2010
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:kdelibs4-core, p-cpe:/a:mandriva:linux:kdelibs4-devel, p-cpe:/a:mandriva:linux:lib64kde3support4, p-cpe:/a:mandriva:linux:lib64kdecore5, p-cpe:/a:mandriva:linux:lib64kdefakes5, p-cpe:/a:mandriva:linux:lib64kdesu5, p-cpe:/a:mandriva:linux:lib64kdeui5, p-cpe:/a:mandriva:linux:lib64kdnssd4, p-cpe:/a:mandriva:linux:lib64kfile4, p-cpe:/a:mandriva:linux:lib64khtml5, p-cpe:/a:mandriva:linux:lib64kimproxy4, p-cpe:/a:mandriva:linux:lib64kio5, p-cpe:/a:mandriva:linux:lib64kjs4, p-cpe:/a:mandriva:linux:lib64kjsapi4, p-cpe:/a:mandriva:linux:lib64kjsembed4, p-cpe:/a:mandriva:linux:lib64kmediaplayer4, p-cpe:/a:mandriva:linux:lib64knewstuff2_4, p-cpe:/a:mandriva:linux:lib64knotifyconfig4, p-cpe:/a:mandriva:linux:lib64kntlm4, p-cpe:/a:mandriva:linux:lib64kparts4, p-cpe:/a:mandriva:linux:lib64kpty4, p-cpe:/a:mandriva:linux:lib64krosscore4, p-cpe:/a:mandriva:linux:lib64krossui4, p-cpe:/a:mandriva:linux:lib64ktexteditor4, p-cpe:/a:mandriva:linux:lib64kunittest4, p-cpe:/a:mandriva:linux:lib64kutils4, p-cpe:/a:mandriva:linux:lib64nepomuk4, p-cpe:/a:mandriva:linux:lib64plasma3, p-cpe:/a:mandriva:linux:lib64solid4, p-cpe:/a:mandriva:linux:lib64threadweaver4, p-cpe:/a:mandriva:linux:libkde3support4, p-cpe:/a:mandriva:linux:libkdecore5, p-cpe:/a:mandriva:linux:libkdefakes5, p-cpe:/a:mandriva:linux:libkdesu5, p-cpe:/a:mandriva:linux:libkdeui5, p-cpe:/a:mandriva:linux:libkdnssd4, p-cpe:/a:mandriva:linux:libkfile4, p-cpe:/a:mandriva:linux:libkhtml5, p-cpe:/a:mandriva:linux:libkimproxy4, p-cpe:/a:mandriva:linux:libkio5, p-cpe:/a:mandriva:linux:libkjs4, p-cpe:/a:mandriva:linux:libkjsapi4, p-cpe:/a:mandriva:linux:libkjsembed4, p-cpe:/a:mandriva:linux:libkmediaplayer4, p-cpe:/a:mandriva:linux:libknewstuff2_4, p-cpe:/a:mandriva:linux:libknotifyconfig4, p-cpe:/a:mandriva:linux:libkntlm4, p-cpe:/a:mandriva:linux:libkparts4, p-cpe:/a:mandriva:linux:libkpty4, p-cpe:/a:mandriva:linux:libkrosscore4, p-cpe:/a:mandriva:linux:libkrossui4, p-cpe:/a:mandriva:linux:libktexteditor4, p-cpe:/a:mandriva:linux:libkunittest4, p-cpe:/a:mandriva:linux:libkutils4, p-cpe:/a:mandriva:linux:libnepomuk4, p-cpe:/a:mandriva:linux:libplasma3, p-cpe:/a:mandriva:linux:libsolid4, p-cpe:/a:mandriva:linux:libthreadweaver4, cpe:/o:mandriva:linux:2010.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/27/2010