Summary
The remote host is missing an update to kphone
announced via advisory DSA 1062-1.
Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords.
The the old stable distribution (woody) doesn't contain kphone packages.
Solution
For the stable distribution (sarge) this problem has been fixed in version 4.1.0-2sarge1.
For the unstable distribution (sid) this problem has been fixed in version 4.2-6.
We recommend that you upgrade your kphone package. If your current kphonerc
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201062-1
Severity
Classification
-
CVE CVE-2006-2442 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities