Bug#287201: KIOSlave FTP client can be made to send email

To: submit@bugs.debian.org
Subject: Bug#287201: KIOSlave FTP client can be made to send email
From: Ian Gulliver <ian@penguinhosting.net>
Date: Sat, 25 Dec 2004 14:00:01 -0500
Message-id: <[🔎] 20041225190001.GB2821@penguinhosting.net>
Reply-to: Ian Gulliver <ian@penguinhosting.net>, 287201@bugs.debian.org

Package: kdelibs
Version: 3.2.3-2
Severity: grave

The KIOSlave FTP client is vulnerable to the same exploit as Internet
Explorer:

http://lists.netsys.com/pipermail/full-disclosure/2004-December/030229.html

Anything that can pass an FTP URL to it, i.e. a malicious website viewed
in Konqueror, can cause it to send mail without user interaction.  A
proposed, untested patch is attached.

-- 
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."

--- kdelibs-3.2.3/kioslave/ftp/ftp.cc	2004-02-15 16:15:27.000000000 -0500
+++ kdelibs-3.2.3-ftp-fixed/kioslave/ftp/ftp.cc	2004-12-25 00:44:27.000000000 -0500
@@ -652,6 +652,9 @@
 {
   assert( sControl > 0 );
 
+  if (cmd.find('\r') != -1 || cmd.find('\n') != -1)
+	  return false;
+
   QCString buf = cmd;
   buf += "\r\n";

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#221442: IMAP system has changed in 3.3
Next by Date: Bug#287097: Experimental kdelibs-data conflicts with Sarge openoffice.org-mimelnk
Previous by thread: Bug#221442: IMAP system has changed in 3.3
Next by thread: Processed: Tag missed in submission
Index(es):
- Date
- Thread