Bug 77944 (CVE-2005-0754)

Summary: VUL-0: CVE-2005-0754: kde: executeable attachments (kommander) problem
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Michael Skibbe <mskibbe>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: heiko.rommel, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard: CVE-2005-0754: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Third Party Developer/Partner Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: post-3.4-kdewebdev.diff

Description Marcus Meissner 2005-04-14 13:21:39 UTC 
! NOT PUBLIC! KEEP INSIDE SUSE. 
  
KDE Security Advisory: Kommander untrusted code execution 
Original Release Date: 2005-04-20 
URL: http://www.kde.org/info/security/advisory-20050420-1.txt 
 
0. References 
 
        ? 
 
1. Systems affected: 
 
        Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0. 
 
 
2. Overview: 
 
        Kommander is a visual editor and interpreter to edit and 
        interpret visual dialogs and execute scripts attached to 
        dialog actions. 
 
        Kommander executes without user confirmation data files 
        from possibly untrusted locations. As they contain 
        scripts, the user might accidentally run arbitrary code. 
 
 
3. Impact: 
 
        Remotly supplied kommander files from untrusted sources 
        are executed without confirmation. 
 
 
4. Solution: 
 
        Source code patches have been made available which fix these 
        vulnerabilities. Contact your OS vendor / binary package provider 
        for information about how to obtain updated binary packages. 
 
 
5. Patch: 
 
        A patch for KDE 3.4 is available from 
 
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
        XXXXX 
 
 
6. Time line and credits: 
 
        13/03/2005 Notification of KDE security by Eckhart W??rner 
        20/04/2005 Coordinated Public Disclosure
Comment 1 Marcus Meissner 2005-04-14 13:22:16 UTC 
Created attachment 34473 [details]
post-3.4-kdewebdev.diff

tentative patch from KDE
Comment 2 Marcus Meissner 2005-04-22 10:06:57 UTC 
public
Comment 3 Adrian Schröter 2005-04-22 11:26:16 UTC 
a SWAMP ID is needed
Comment 4 Ludwig Nussel 2005-04-22 11:57:04 UTC 
SM-Tracker-1020
Comment 5 Adrian Schröter 2005-04-22 12:17:28 UTC 
packages and patchinfo submitted. 
only the box 9.2 and 9.3 is affected.
Comment 6 Adrian Schröter 2005-04-22 12:27:51 UTC 
sorry, 8.2-9.1 + SLEC is also affected via the "quanta" package.
Comment 7 Ludwig Nussel 2005-04-25 08:09:55 UTC 
CAN-2005-0754
Comment 8 Ludwig Nussel 2005-05-19 11:41:49 UTC 
qa failed on sles9. kommander does not ask to open the file.
Comment 9 Marcus Meissner 2005-06-07 11:47:18 UTC 
adrian, we need new fixes packages ... ;)
Comment 10 Adrian Schröter 2005-06-17 09:37:42 UTC 
SLES9 does start the kmdr editor and not the kmdr executor, when clicking on  
the link to the file. So the check never runs, but it should not matter, since 
the editor does not run file. 
 
Do you accept this ?
Comment 11 Marcus Meissner 2005-06-17 11:31:10 UTC 
please review and approve for qa 
 
 
Adrians explanation is ok for me and it would be ready for QA approval I guess
Comment 12 Marcus Meissner 2005-06-22 13:08:14 UTC 
upates released.
Comment 13 Thomas Biege 2009-10-13 21:16:30 UTC 
CVE-2005-0754: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)