CVE-2005-0754

Current Description

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Basic Data

Published: April 22, 2005
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
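    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Kde | Quanta | 3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | * | | | | |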
  • OR - Configuration 2
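    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Gentoo | Linux | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Kde | Kde | 3.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ia64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ppc | * | * | * | * | * | | | | |
    | 2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | amd64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | i386 | * | * | * | * | * | | | | |
    | 2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | powerpc | * | * | * | * | * | | | | |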

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Redhat | Fedora Core | core_3.0 |
| Conectiva | Linux | 10.0, 9.0 |
| Ubuntu | Ubuntu Linux | 4.1, 5.04 |
| Kde | Quanta | 3.1 |
| Kde | Kde | 3.2, 3.2.1, 3.2.2, 3.2.3, 3.3, 3.3.1, 3.3.2, 3.4 |
| Gentoo | Linux | * |

References

| Name | Source | URL | Tags |
| --- | --- | --- | --- |
| ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff | CONFIRM | ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff | Vendor Advisory |
| 20050422 [KDE Security Advisory]: Kommander untrusted code execution | BUGTRAQ | http://marc.info/?l=bugtraq&m=111419664411051&w=2 | |
| 15060 | SECUNIA | http://secunia.com/advisories/15060 | PATCH, Vendor Advisory |
| http://www.kde.org/info/security/advisory-20050420-1.txt | CONFIRM | http://www.kde.org/info/security/advisory-20050420-1.txt | PATCH, Vendor Advisory |
| 13313 | BID | http://www.securityfocus.com/bid/13313 | PATCH, Vendor Advisory |