Bug#285128: CAN-2004-1165: FTP command injection bug

To: submit@bugs.debian.org
Subject: Bug#285128: CAN-2004-1165: FTP command injection bug
From: Joey Hess <joeyh@debian.org>
Date: Fri, 10 Dec 2004 14:51:51 -0500
Message-id: <[🔎] 20041210195151.GA13826@kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 285128@bugs.debian.org

Package: konqueror
Version: 3.3.1
Tags: security
Severity: serious

CAN-2004-1165 is about a security hole in konqueror that allows
arbitrary ftp commands to be inserted in a URL via URL-encoded newlines.
Details about this hole are here:
http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681&w=2

The advisory says that it affects version >= 3.3.1, so perhaps our
3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#285128: CAN-2004-1165: FTP command injection bug
  - From: Adeodato Simó <asp16@alu.ua.es>

Prev by Date: Bug#285126: CAN-2004-1171: plain text password exposure
Next by Date: Bug#285126: CAN-2004-1171: plain text password exposure
Previous by thread: Processed: Re: Bug#285126: CAN-2004-1171: plain text password exposure
Next by thread: Bug#285128: CAN-2004-1165: FTP command injection bug
Index(es):
- Date
- Thread