Bug 77944 (CVE-2005-0754) - VUL-0: CVE-2005-0754: kde: executeable attachments (kommander) problem
Summary: VUL-0: CVE-2005-0754: kde: executeable attachments (kommander) problem
Status: RESOLVED FIXED
Alias: CVE-2005-0754
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All All
: P5 - None : Normal
Target Milestone: ---
Assignee: Michael Skibbe
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-0754: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-14 13:21 UTC by Marcus Meissner
Modified: 2021-11-08 10:30 UTC (History)
2 users (show)

See Also:
Found By: Third Party Developer/Partner
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
post-3.4-kdewebdev.diff (2.60 KB, patch)
2005-04-14 13:22 UTC, Marcus Meissner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-04-14 13:21:39 UTC 
! NOT PUBLIC! KEEP INSIDE SUSE. 
  
KDE Security Advisory: Kommander untrusted code execution 
Original Release Date: 2005-04-20 
URL: http://www.kde.org/info/security/advisory-20050420-1.txt 
 
0. References 
 
        ? 
 
1. Systems affected: 
 
        Quanta 3.1.x, KDE 3.2 and new up to including KDE 3.4.0. 
 
 
2. Overview: 
 
        Kommander is a visual editor and interpreter to edit and 
        interpret visual dialogs and execute scripts attached to 
        dialog actions. 
 
        Kommander executes without user confirmation data files 
        from possibly untrusted locations. As they contain 
        scripts, the user might accidentally run arbitrary code. 
 
 
3. Impact: 
 
        Remotly supplied kommander files from untrusted sources 
        are executed without confirmation. 
 
 
4. Solution: 
 
        Source code patches have been made available which fix these 
        vulnerabilities. Contact your OS vendor / binary package provider 
        for information about how to obtain updated binary packages. 
 
 
5. Patch: 
 
        A patch for KDE 3.4 is available from 
 
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
        XXXXX 
 
 
6. Time line and credits: 
 
        13/03/2005 Notification of KDE security by Eckhart W??rner 
        20/04/2005 Coordinated Public Disclosure
Comment 1 Marcus Meissner 2005-04-14 13:22:16 UTC 
Created attachment 34473 [details]
post-3.4-kdewebdev.diff

tentative patch from KDE
Comment 2 Marcus Meissner 2005-04-22 10:06:57 UTC 
public
Comment 3 Adrian Schröter 2005-04-22 11:26:16 UTC 
a SWAMP ID is needed
Comment 4 Ludwig Nussel 2005-04-22 11:57:04 UTC 
SM-Tracker-1020
Comment 5 Adrian Schröter 2005-04-22 12:17:28 UTC 
packages and patchinfo submitted. 
only the box 9.2 and 9.3 is affected.
Comment 6 Adrian Schröter 2005-04-22 12:27:51 UTC 
sorry, 8.2-9.1 + SLEC is also affected via the "quanta" package.
Comment 7 Ludwig Nussel 2005-04-25 08:09:55 UTC 
CAN-2005-0754
Comment 8 Ludwig Nussel 2005-05-19 11:41:49 UTC 
qa failed on sles9. kommander does not ask to open the file.
Comment 9 Marcus Meissner 2005-06-07 11:47:18 UTC 
adrian, we need new fixes packages ... ;)
Comment 10 Adrian Schröter 2005-06-17 09:37:42 UTC 
SLES9 does start the kmdr editor and not the kmdr executor, when clicking on  
the link to the file. So the check never runs, but it should not matter, since 
the editor does not run file. 
 
Do you accept this ?
Comment 11 Marcus Meissner 2005-06-17 11:31:10 UTC 
please review and approve for qa 
 
 
Adrians explanation is ok for me and it would be ready for QA approval I guess
Comment 12 Marcus Meissner 2005-06-22 13:08:14 UTC 
upates released.
Comment 13 Thomas Biege 2009-10-13 21:16:30 UTC 
CVE-2005-0754: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)