Bug#416318: kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#416318: kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections
From: Sune Vuorela <reportbug@pusling.com>
Date: Mon, 26 Mar 2007 23:12:42 +0200
Message-id: <[🔎] 20070326211242.30140.32981.reportbug@pusling>
Reply-to: Sune Vuorela <reportbug@pusling.com>, 416318@bugs.debian.org

Package: kdelibs4c2a
Version: 4:3.5.5a.dfsg.1-5
Severity: grave
Tags: security patch
Justification: user security hole


The FTP protocol implementation in Konqueror 3.5.5 allows remote servers
to force the client to connect to other servers, perform a proxied port
scan, or obtain sensitive information by specifying an alternate server
address in a FTP PASV command.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1564

This issue have ben addressed in the -7 upload.

/Sune

Reply to:

Follow-Ups:
- Bug#416318: marked as done (kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#360240: marked as done (umbrello export diagrams as picture generates bad .eps, .svg)
Next by Date: Bug#416318: marked as done (kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections)
Previous by thread: Bug#360240: marked as done (umbrello export diagrams as picture generates bad .eps, .svg)
Next by thread: Bug#416318: marked as done (kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections)
Index(es):
- Date
- Thread