---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l ---------------------------------------------------------------------- TITLE: KDE Desktop Communication Protocol Denial of Service Vulnerability SECUNIA ADVISORY ID: SA14591 VERIFY ADVISORY: http://secunia.com/advisories/14591/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system SOFTWARE: KDE 3.x http://secunia.com/product/219/ DESCRIPTION: Sebastian Krahmer has reported a vulnerability in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon dcopserver. This can be exploited to lock the dcopserver for arbitrary local users. Successful exploitation may result in decreased desktop functionality for the affected user. The vulnerability has been reported in versions prior to 3.4. SOLUTION: Upgrade to KDE 3.4 or apply patch. Patch for KDE 3.1.x: ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-dcop.patch 377c49d8224612fbf09f70f3c09d52f5 Patch for KDE 3.2.x: ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcop.patch 0948701bffb082c65784dc8a2b648ef0 Patch for KDE 3.3.x: ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdelibs-dcop.patch 7309e259ae1f29be08bbb70e580da3fb PROVIDED AND/OR DISCOVERED BY: Sebastian Krahmer, SUSE LINUX Security Team. ORIGINAL ADVISORY: http://www.kde.org/info/security/advisory-20050316-1.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------