Symlink Vulnerability in KDE Leading to File Manipulation
CVE-2004-0689

7.1HIGH

Key Information:

Vendor: Kde
Status: Kde
Vendor: CVE Published:; 28 September 2004

🔔 Create Kde Vulnerability Alert

What is CVE-2004-0689?

Prior to version 3.3.0, KDE fails to securely handle symbolic links that may refer to nonexistent or 'stale' destinations. This oversight allows local users to potentially create or truncate arbitrary files, posing a significant risk if exploited. Users are advised to update to the latest version to mitigate this risk.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

http://secunia.com/advisories/12276/

third-party-advisoryx_refsource_SECUNIA

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2004
Vulnerability Reserved
Jul 13, 2004

CVE-2004-0689 Data

.