Vulnerability Description
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Quanta | 3.1 |
| Conectiva | Linux | 9.0 |
| Gentoo | Linux | All versions |
| Kde | Kde | 3.2 |
| Redhat | Fedora Core | core_3.0 |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=111419664411051&w=2
- http://secunia.com/advisories/15060 (Patch, Vendor Advisory)
- http://www.kde.org/info/security/advisory-20050420-1.txt (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/13313 (Patch, Vendor Advisory)
FAQ
What is CVE-2005-0754?
CVE-2005-0754 is a vulnerability with a CVSS score of 7.5 (HIGH). Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
How severe is CVE-2005-0754?
CVE-2005-0754 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-0754?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Quanta, Conectiva Linux, Gentoo Linux, Kde Kde, Redhat Fedora Core.