CVE-2005-0205 - OpenCVE

KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bernd Wuebben	Kppp
Kde	Kde

Configuration 1 [-]

OR	cpe:2.3:o:bernd_wuebben:kppp:2.1.2:::::::*
	cpe:2.3:o:kde:kde:3.1:::::::*
	cpe:2.3:o:kde:kde:3.1.1:::::::*
	cpe:2.3:o:kde:kde:3.1.2:::::::*
	cpe:2.3:o:kde:kde:3.1.3:::::::*
	cpe:2.3:o:kde:kde:3.1.4:::::::*
	cpe:2.3:o:kde:kde:3.1.5:::::::*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934	Patch
http://www.debian.org/security/2005/dsa-692	Patch Vendor Advisory
http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities	Patch Vendor Advisory
http://www.kde.org/info/security/advisory-20050228-1.txt	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-175.html	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-28T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-02-01T00:00:00

Link: CVE-2005-0205

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-10-11T01:29:53.560

Link: CVE-2005-0205

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:9596", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596"}, {"name": "DSA-692", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-692"}, {"name": "RHSA-2005:175", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-175.html"}, {"name": "CLA-2005:934", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20050228-1.txt"}, {"name": "20050228 KPPP Privileged File Descriptor Leak Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0205", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:9596", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596"}, {"name": "DSA-692", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-692"}, {"name": "RHSA-2005:175", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-175.html"}, {"name": "CLA-2005:934", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934"}, {"name": "http://www.kde.org/info/security/advisory-20050228-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20050228-1.txt"}, {"name": "20050228 KPPP Privileged File Descriptor Leak Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0205", "datePublished": "2005-02-28T05:00:00", "dateReserved": "2005-02-01T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bernd_wuebben:kppp:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBF32485-71A9-4B7F-BECB-9163E4E66821", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F98A556-D640-40F1-92C2-FC262F50F5C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7E2C256-8E9F-4D12-ABF4-FECE06B52CAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "33AF934D-B51B-4A81-BC47-FFEAB9A62C30", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A3096F2-B0F1-45E1-806D-6434DE56619A", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "AA5560AA-372B-4462-AFF8-8F27A980E507", "vulnerable": true}, {"criteria": "cpe:2.3:o:kde:kde:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4904CFFD-4CE1-4D65-A7BA-9B06E5B35D07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp."}], "id": "CVE-2005-0205", "lastModified": "2017-10-11T01:29:53.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2005/dsa-692"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20050228-1.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-175.html"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}