
Bug#250215: marked as done (CAN-2004-0411: URI handlers do not filter properly)



Your message dated Fri, 2 Jul 2004 03:30:06 +0200
with message-id <20040702013006.GA11374@chistera.yi.org>
and subject line Bug#250215: CAN-2004-0411: URI handlers do not filter properly
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 May 2004 10:59:26 +0000
>From ray@xinara.org Fri May 21 03:59:26 2004
Return-path: <ray@xinara.org>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BR7kM-00006A-00; Fri, 21 May 2004 03:59:26 -0700
Received: from zensunni.xinara.org (unknown [217.22.72.48])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client did not present a certificate)
	by mail.o2w.nl (Postfix) with ESMTP id 92ECF358E0
	for <submit@bugs.debian.org>; Fri, 21 May 2004 12:59:25 +0200 (CEST)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
	id 1BR7kH-00031N-WF; Fri, 21 May 2004 12:59:22 +0200
Date: Fri, 21 May 2004 12:59:21 +0200
From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2004-0411: URI handlers do not filter properly
Message-ID: <20040521105921.GA11603@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.59
Organization: Ray at home
X-System: Debian GNU/Linux testing/unstable, kernel 2.4.27-pre3
User-Agent: Mutt/1.5.6i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream woody sarge sid

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 :

Candidate: CAN-2004-0411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
Phase: Assigned (20040416)
Category: SF
Reference: BUGTRAQ:20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
Reference: URL:http://www.securityfocus.com/archive/1/363225
Reference: BUGTRAQ:20040517 KDE Security Advisory: URI Handler Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108481412427344&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040517-1.txt
Reference: REDHAT:RHSA-2004:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-222.html

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
properly filter "-" characters that begin a hostname in a (1) telnet,
(2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
to manipulate the options that are passed to the associated programs,
possibly to read arbitrary files or execute arbitrary code.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
-- 
Obsig: developing a new sig

---------------------------------------
Received: (at 250215-done) by bugs.debian.org; 2 Jul 2004 01:30:20 +0000
>From asp16@alu.ua.es Thu Jul 01 18:30:20 2004
Return-path: <asp16@alu.ua.es>
Received: from alc1-interjet256-159-105.medtelecom.net (chistera.yi.org) [62.117.159.105] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BgCse-0007Yk-00; Thu, 01 Jul 2004 18:30:20 -0700
Received: from userid 1000 by chistera.yi.org with local (Exim 4.34) 
	  id 1BgCsQ-00030c-8F; Fri, 02 Jul 2004 03:30:06 +0200
Date: Fri, 2 Jul 2004 03:30:06 +0200
From: Adeodato Simó <asp16@alu.ua.es>
To: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>, 250215-done@bugs.debian.org
Subject: Re: Bug#250215: CAN-2004-0411: URI handlers do not filter properly
Message-ID: <20040702013006.GA11374@chistera.yi.org>
References: <20040521105921.GA11603@xinara.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20040521105921.GA11603@xinara.org>
X-No-CC: Please respect my Mail-Followup-To header
User-Agent: Mutt/1.5.6+20040523i
Delivered-To: 250215-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
	HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

* J.H.M. Dassen (Ray) [Fri, 21 May 2004 12:59:21 +0200]:

> Tags: security upstream woody sarge sid

> The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
> properly filter "-" characters that begin a hostname in a (1) telnet,
> (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
> to manipulate the options that are passed to the associated programs,
> possibly to read arbitrary files or execute arbitrary code.

  This has been fixed for woody in Debian Security Advisory DSA 518-1 [1].

  It was also fixed for sid by the upload of kdelibs 3.2.3-1 on 2004-06-03,
  which is still waiting to enter sarge. Just for the record, the detailed
  fix for sid was:

    - kdelibs/kdecore/kapplication.cpp revision 1.654, which was backported
      to KDE_3_2_BRANCH in 1.637.2.11 (KDE 3.2.3 includes 1.637.2.12).

    - kdelibs/kio/misc/ktelnetservice.cpp revision 1.9, which was backported
      to KDE_3_2_BRANCH in 1.7.2.2 (KDE 3.2.3 includes 1.7.2.2).

  I am hereby closing this bug.


  [1] http://www.debian.org/security/2004/dsa-518

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
There may be no I in TEAM, but a M and an E.
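
Added example, not part of the original thread and not the kdelibs patch: one way a URI handler can refuse the leading "-" described in the CAN-2004-0411 text before launching telnet, rlogin or ssh. The function name buildLoginArgv, the allow-lists and the sample URIs are assumptions made for illustration; mailto is not covered.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper (illustration only): maps scheme://[user@]host[:port] to
// an argv for the matching client; an empty vector means "do not launch".
std::vector<std::string> buildLoginArgv(const std::string& uri) {
    const std::vector<std::string> rejected;
    const std::size_t sep = uri.find("://");
    if (sep == std::string::npos) return rejected;
    const std::string scheme = uri.substr(0, sep);
    if (scheme != "telnet" && scheme != "rlogin" && scheme != "ssh") return rejected;

    // Authority only: cut at the first '/', then split user, host and port.
    std::string host = uri.substr(sep + 3);
    host = host.substr(0, host.find('/'));
    std::string user, port;
    const std::size_t at = host.rfind('@');
    if (at != std::string::npos) { user = host.substr(0, at); host = host.substr(at + 1); }
    const std::size_t colon = host.find(':');
    if (colon != std::string::npos) { port = host.substr(colon + 1); host = host.substr(0, colon); }

    // The check the advisory is about: a leading '-' would be read as an option.
    if (host.empty() || host[0] == '-') return rejected;
    if (!user.empty() && user[0] == '-') return rejected;
    // Allow-list the rest, so '%' escapes or whitespace cannot smuggle a '-' back in.
    for (unsigned char c : host)
        if (!std::isalnum(c) && c != '.' && c != '-') return rejected;
    for (unsigned char c : user)
        if (!std::isalnum(c) && c != '.' && c != '_' && c != '-') return rejected;
    for (unsigned char c : port)
        if (!std::isdigit(c)) return rejected;
    if (port.size() > 5 || (scheme == "rlogin" && !port.empty())) return rejected;

    // One vector element per argument: nothing is joined into a shell string.
    std::vector<std::string> argv;
    argv.push_back(scheme);
    if (!user.empty()) { argv.push_back("-l"); argv.push_back(user); }
    if (scheme == "ssh" && !port.empty()) { argv.push_back("-p"); argv.push_back(port); }
    argv.push_back(host);
    if (scheme == "telnet" && !port.empty()) argv.push_back(port);
    return argv;
}

int main() {  // constructed sample URIs
    for (const char* u : {"telnet://host.example:23", "telnet://-x/"})
        std::cout << u << " -> " << (buildLoginArgv(u).empty() ? "rejected" : "launch") << "\n";
}
```

The returned vector is meant to be handed to an exec-style call as separate arguments, so the host can only ever occupy the position of the hostname.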


