Bug#416318: kdelibs4c2a: Vulnerable to CVE-2007-1564 - exploitable passive ftp connections
Package: kdelibs4c2a
Version: 4:3.5.5a.dfsg.1-5
Severity: grave
Tags: security patch
Justification: user security hole
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers
to force the client to connect to other servers, perform a proxied port
scan, or obtain sensitive information by specifying an alternate server
address in a FTP PASV command.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1564
This issue has been addressed in the -7 upload.
/Sune
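
The PASV behaviour described in the report above, as an added example that is not part of the original bug report and is not the kdelibs patch from the -7 upload: a client-side check in C++ that accepts the data-connection address from a 227 reply only when it matches the control connection's peer. The struct, function names and sample replies are constructed for illustration, and control_peer is assumed to be the canonical dotted-quad IPv4 string of the control connection's remote address.

```cpp
#include <cstdio>
#include <string>

// Endpoint advertised in "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
struct PasvEndpoint {
    std::string host;
    int port = 0;
};

// Parse the six octets of a 227 reply; reject malformed or out-of-range input.
bool parse_pasv(const std::string& reply, PasvEndpoint& out) {
    if (reply.compare(0, 4, "227 ") != 0) return false;
    std::size_t open = reply.find('(');
    if (open == std::string::npos) return false;
    unsigned v[6];
    char close = 0;
    if (std::sscanf(reply.c_str() + open, "(%u,%u,%u,%u,%u,%u%c",
                    &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &close) != 7 || close != ')')
        return false;
    for (unsigned x : v)
        if (x > 255) return false;
    out.host = std::to_string(v[0]) + "." + std::to_string(v[1]) + "." +
               std::to_string(v[2]) + "." + std::to_string(v[3]);
    out.port = static_cast<int>(v[4] * 256 + v[5]);
    return out.port != 0;
}

// The address in the reply is server-controlled. Accept it only when it equals
// the control connection's peer; on mismatch, leave `out` untouched and refuse.
bool safe_data_endpoint(const std::string& reply, const std::string& control_peer,
                        PasvEndpoint& out) {
    PasvEndpoint ep;
    if (!parse_pasv(reply, ep) || ep.host != control_peer) return false;
    out = ep;
    return true;
}

int main() {
    const std::string peer = "192.0.2.10";  // constructed control-connection peer
    const char* replies[] = {               // constructed sample replies
        "227 Entering Passive Mode (192,0,2,10,195,80)",
        "227 Entering Passive Mode (10,0,0,5,0,22)",
    };
    for (const char* r : replies) {
        PasvEndpoint ep;
        if (safe_data_endpoint(r, peer, ep)) std::printf("connect %s:%d\n", ep.host.c_str(), ep.port);
        else std::printf("refused: %s\n", r);
    }
}
```

A client that prefers to keep working against servers behind NAT can instead ignore the advertised host and connect to control_peer on the parsed port.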