Bug#268016: [CAN-2004-0746] Konqueror Cross-Domain Cookie Injection
Package: konqueror
Version: 3.2.3-1
Severity: grave
Tags: security upstream sarge
Web sites operating under the affected domains can set HTTP
cookies in such a way that the Konqueror web browser will send them
to all other web sites operating under the same domain.
A malicious website can use this as part of a session fixation
attack. See e.g. http://www.acros.si/papers/session_fixation.pdf
Affected are all country specific secondary top level domains that
use more than 2 characters in the secondary part of the domain name
and that use a secondary part other than com, net, mil, org, gov,
edu or int. Examples of affected domains are .ltd.uk, .plc.uk and
.firm.in
KDE versions up to KDE 3.2.3 inclusive. KDE 3.3 is not affected.
There is 3.2.3-1 in sid for some architectures, but they will probably
replaced soon by 3.3.0-1 which is said to be not vulnerable.
Regards,
Joey
--
There are lies, statistics and benchmarks.
Please always Cc to me when replying to me on the lists.
Reply to: