Info

Disclosure

Oct 14, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

KDocker contains a flaw related to the execution of files that may allow an attacker, authenticated to the X session, to send X client messages and have KDocker execute programs not owned by the owner of the KDocker process. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

KDocker

0.8

References

Security Tracker: 1011688
Bugtraq ID: 11419
Secunia Advisory ID: 12828
ISS X-Force ID: 17718
CVE ID: 2004-2197 (see also: NVD)
Vendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/*checkout*/kdocker/kdocker/ChangeLog?rev=1. ......
http://cvs.sourceforge.net/viewcvs.py/kdocker/kdocker/src/kdocker.cpp?r1=1.10&r2= ......
Vendor URL: http://sourceforge.net/projects/kdocker/

Credit

Girish Ramakrishnan - cs19713users.sourceforge.net -

Direct URL: http://osvdb.org/36218