Bug#250215: CAN-2004-0411: URI handlers do not filter properly
Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream woody sarge sid
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 :
Candidate: CAN-2004-0411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
Phase: Assigned (20040416)
Category: SF
Reference: BUGTRAQ:20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
Reference: URL:http://www.securityfocus.com/archive/1/363225
Reference: BUGTRAQ:20040517 KDE Security Advisory: URI Handler Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108481412427344&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040517-1.txt
Reference: REDHAT:RHSA-2004:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-222.html
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
properly filter "-" characters that begin a hostname in a (1) telnet,
(2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
to manipulate the options that are passed to the associated programs,
possibly to read arbitrary files or execute arbitrary code.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
Reply to: