MidnightBSD

Advisories for bernd_wuebben

CVE-2005-0205 MEDIUM

KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.1
kde kde 3.1.3
bernd_wuebben kppp 2.1.2
kde kde 3.1.2
kde kde 3.1.1
kde kde 3.1.4
kde kde 3.1.5