 KDE May Disclose SMB Passwords to Remote Users Via URLs
Category: Vulnerability
Posted: 2004-12-11 by ReCall
Description: A vulnerability was reported in KDE. Passwords may be disclosed via URLs.

The vendor reported that when a user creates a link to a remote file using various KDE applications, the resulting link may include authentication credentials for the remote system. This may include Samba passwords for files located on SMB servers.

The password for SMB protocol URLs is always added in plaintext to the URL in the link reference file ('*.desktop' file).

Daniel Fabian is credited with reporting this flaw.

The vendor's original advisory is available at:

http://www.kde.org/info/security/advisory-20041209-1.txt

The original SEC Consult advisory is available at:

http://www.sec-consult.com/index.php?id=118

Impact: A user may disclose passwords for SMB shares as part of a URL.
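
To check whether existing link reference files already hold a password, the following added example (not code from KDE or from either advisory) parses '*.desktop' content and reports any URL entry whose userinfo part contains a password, with the password redacted. It goes beyond the SMB case and flags any URL scheme; the function names and the sample file are assumptions constructed for illustration.

```python
import os
import re
import sys
from urllib.parse import urlsplit

# "URL=" and localized "URL[xx]=" keys in a Desktop Entry (*.desktop) file.
URL_KEY = re.compile(r"^\s*(URL(?:\[[^\]]*\])?)\s*=\s*(.*)$")

# Constructed sample link file; host, user and password are made up.
SAMPLE = """[Desktop Entry]
Type=Link
Name=Project plan
# comment lines are skipped
URL=smb://alice:S3cret@fileserver/projects/plan.odt
URL[de]=smb://bob@fileserver/public/readme.txt
"""

def find_embedded_credentials(desktop_text):
    """Return (line_no, key, redacted_url) for URL entries that carry a password."""
    findings = []
    for line_no, line in enumerate(desktop_text.splitlines(), start=1):
        m = URL_KEY.match(line)
        if not m:
            continue  # comments, group headers and other keys
        key, value = m.group(1), m.group(2).strip()
        try:
            parts = urlsplit(value)
            password = parts.password
        except ValueError:
            continue  # malformed URL, nothing to parse
        if not password:
            continue  # no userinfo, or user name only
        host = parts.netloc.rpartition("@")[2]
        safe = parts._replace(netloc=f"{parts.username}:***@{host}").geturl()
        findings.append((line_no, key, safe))  # never echo the password itself
    return findings

def scan_tree(root):
    """Walk root and yield (path, line_no, key, redacted_url) for every hit."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".desktop"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for hit in find_embedded_credentials(fh.read()):
                        yield (path, *hit)

if __name__ == "__main__":
    for path, line_no, key, url in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{line_no}: {key}={url}")
```

Any file it reports should be treated as having exposed that password: recreate the link without credentials and change the password on the share.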

Solution: The vendor has issued patches for KDE 3.2.3, 3.3.1, and 3.3.2.

Patches for KDE 3.3.1 are available from
ftp://ftp.kde.org/pub/kde/security_patches :

501852d12f82aebe7eb73ec5d96c9e6d post-3.3.1-kdebase-smb.diff
5b9c1738f2de3f00533e376eb64c7137 post-3.3.1-kdelibs-khtml.diff
f287c900c637af2452c7a554f2df166f post-3.3.1-kdelibs-kio.diff


Patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

d3658e90acec6ff140463ed2fd0e7736 post-3.3.2-kdelibs-kio.diff


Patches for KDE 3.2.3 are available from
ftp://ftp.kde.org/pub/kde/security_patches :

d080d9acf4d2abc5f91ccec8fc463568 post-3.2.3-kdebase-smb.diff
d79d1717b4bc0b3891bacaaf37deade0 post-3.2.3-kdelibs-khtml.diff
94e76ec98cd58ce27cad8f886d241986 post-3.2.3-kdelibs-kio.diff
 