Back to search
CVE-2005-0205
Published: Feb 28, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:9596
vdb-entry
signature
x_refsource_OVAL
DSA-692
vendor-advisory
x_refsource_DEBIAN
RHSA-2005:175
vendor-advisory
x_refsource_REDHAT
CLA-2005:934
vendor-advisory
x_refsource_CONECTIVA
http://www.kde.org/info/security/advisory-20050228-1.txt
x_refsource_CONFIRM
20050228 KPPP Privileged File Descriptor Leak Vulnerability
third-party-advisory
x_refsource_IDEFENSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now