CVE-2004-0689

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kde.org/info/security/advisory-20040811-1.txt	Patch Vendor Advisory
http://www.debian.org/security/2004/dsa-539	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-13.xml	Patch Vendor Advisory
http://secunia.com/advisories/12276/	Patch Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
http://marc.info/?l=bugtraq&m=109225538901170&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16963
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334

Configurations

Configuration 1 (hide)

cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*

Information

Published : 2004-09-27 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-0689

Mitre link : CVE-2004-0689

JSON object : View

CWE

NVD-CWE-Other

Products Affected

kde

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kde.org/info/security/advisory-20040811-1.txt", "name": "http://www.kde.org/info/security/advisory-20040811-1.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2004/dsa-539", "name": "DSA-539", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://security.gentoo.org/glsa/glsa-200408-13.xml", "name": "200408-13", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/12276/", "name": "12276", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864", "name": "CLA-2004:864", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://marc.info/?l=bugtraq&m=109225538901170&w=2", "name": "20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16963", "name": "kde-application-symlink(16963)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334", "name": "oval:org.mitre.oval:def:9334", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "KDE before 3.3.0 does not properly handle when certain symbolic links point to \"stale\" locations, which could allow local users to create or truncate arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0689", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-09-28T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.3.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

4.6 /10