Info

Disclosure

Aug 23, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

KDE contains a flaw that may allow a malicious user to conduct session fixation attacks. The issue is triggered when a remote attacker sets cookies for the websites of certain country-specific secondary top-level domains, which will fix a session by setting a known session ID in a cookie. It is possible that the flaw may allow a session hijacking, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, KDE has released a patch to address this vulnerability.

Products

KDE Project

KDE

3.2.3

References

Security Tracker: 1011017
Secunia Advisory ID: 12341 12369 12465 12495 12521 12725
CVE ID: 2004-0746 (see also: NVD)
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000864
http://rhn.redhat.com/errata/RHSA-2004-412.html
http://security.gentoo.org/glsa/glsa-200408-23.xml
http://www.kde.org/info/security/advisory-20040823-1.txt
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackw ......

Credit

WESTPOINT -

Direct URL: http://osvdb.org/36218