Debian Security Advisory DSA 660-1 (kdebse) Network Vulnerability

Summary

The remote host is missing an update to kdebse announced via advisory DSA 660-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20660-1

Insight

Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session. For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.9. This problem has been fixed upstream in KDE 3.0.5 and is therefore fixed in the unstable (sid) and testing (sarge) distributions already. We recommend that you upgrade your kscreensaver package.

Severity

Classification

CVE CVE-2005-0078
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1115-1 (gnupg2)
Debian Security Advisory DSA 1041-1 (abc2ps)
Debian Security Advisory DSA 1099-1 (horde2)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 1140-1 (gnupg)

Take action and discover your vulnerabilities