7.5 - RHSA-2005:009

Executive Summary

Summary
Title	Updated kdelibs and kdebase packages correct security issues

Informations
Name	RHSA-2005:009	First vendor Publication	2005-02-10
Vendor	RedHat	Last vendor Modification	2005-02-10
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kdelib and kdebase packages that resolve several security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0078 to this issue.

All users of KDE are advised to upgrade to this updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142393 - CAN-2004-1158 Frame injection vulnerability. 139265 - KDE+Cadence bug 146760 - CAN-2004-1165 kioslave command injection 145381 - CAN-2005-0078 password bypass in kde screensaver

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-009.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11056

Oval ID:	oval:org.mitre.oval:def:11056
Title:	Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Description:	Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1158	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kdebase is earlier than 6:3.1.3-5.8 AND kdebase-devel is earlier than 6:3.1.3-5.8 AND kdelibs is earlier than 6:3.1.3-6.9 AND kdelibs-devel is earlier than 6:3.1.3-6.9

Definition Id: oval:org.mitre.oval:def:9260

Oval ID:	oval:org.mitre.oval:def:9260
Title:	Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Description:	The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-0078	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kdebase is earlier than 6:3.1.3-5.8 AND kdebase-devel is earlier than 6:3.1.3-5.8 AND kdelibs is earlier than 6:3.1.3-6.9 AND kdelibs-devel is earlier than 6:3.1.3-6.9

Definition Id: oval:org.mitre.oval:def:9645

Oval ID:	oval:org.mitre.oval:def:9645
Title:	Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
Description:	Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1165	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kdebase is earlier than 6:3.1.3-5.8 AND kdebase-devel is earlier than 6:3.1.3-5.8 AND kdelibs is earlier than 6:3.1.3-6.9 AND kdelibs-devel is earlier than 6:3.1.3-6.9 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kdelibs is earlier than 6:3.3.1-3.3 AND kdelibs-devel is earlier than 6:3.3.1-3.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Kde Kdelibs cpe:2.3:a:kde:kdelibs:3.2.2:::::::* cpe:2.3:a:kde:kdelibs:3.2.1:::::::* cpe:2.3:a:kde:kdelibs:3.2:::::::* cpe:2.3:a:kde:kdelibs:3.1.5:::::::* cpe:2.3:a:kde:kdelibs:3.1.4:::::::* cpe:2.3:a:kde:kdelibs:3.1.3:::::::* cpe:2.3:a:kde:kdelibs:3.1.2:::::::* cpe:2.3:a:kde:kdelibs:3.1.1:::::::* cpe:2.3:a:kde:kdelibs:3.1:::::::*	9
Application	Kde Konqueror cpe:2.3:a:kde:konqueror:3.3.2:::::::* cpe:2.3:a:kde:konqueror:3.3.1:::::::* cpe:2.3:a:kde:konqueror:3.3:::::::* cpe:2.3:a:kde:konqueror:3.2.3:::::::* cpe:2.3:a:kde:konqueror:3.2.2.6:::::::* cpe:2.3:a:kde:konqueror:3.2.1:::::::* cpe:2.3:a:kde:konqueror:3.1.5:::::::* cpe:2.3:a:kde:konqueror:3.1.4:::::::* cpe:2.3:a:kde:konqueror:3.1.3:::::::* cpe:2.3:a:kde:konqueror:3.1.2:::::::* cpe:2.3:a:kde:konqueror:3.1.1:::::::* cpe:2.3:a:kde:konqueror:3.1:::::::* cpe:2.3:a:kde:konqueror:3.0.5b:::::::* cpe:2.3:a:kde:konqueror:3.0.5:::::::* cpe:2.3:a:kde:konqueror:3.0.3:::::::* cpe:2.3:a:kde:konqueror:3.0.2:::::::* cpe:2.3:a:kde:konqueror:3.0.1:::::::* cpe:2.3:a:kde:konqueror:3.0:::::::* cpe:2.3:a:kde:konqueror:2.2.2:::::::* cpe:2.3:a:kde:konqueror:2.2.1:::::::* cpe:2.3:a:kde:konqueror:2.1.2:::::::* cpe:2.3:a:kde:konqueror:2.1.1:::::::*	22
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:3.0::woody:::::	1
Os	Kde cpe:2.3:o:kde:kde:3.0.4:::::::* cpe:2.3:o:kde:kde:3.0.3:::::::* cpe:2.3:o:kde:kde:3.0.2:::::::* cpe:2.3:o:kde:kde:3.0.1:::::::* cpe:2.3:o:kde:kde:3.0_beta_2:::::::* cpe:2.3:o:kde:kde:3.0_beta_1:::::::* cpe:2.3:o:kde:kde:3.0:::::::* cpe:2.3:o:kde:kde:2.2.1:::::::* cpe:2.3:o:kde:kde:2.2_beta1:::::::* cpe:2.3:o:kde:kde:2.2:::::::* cpe:2.3:o:kde:kde:2.1_beta2:::::::* cpe:2.3:o:kde:kde:2.1_beta1:::::::* cpe:2.3:o:kde:kde:2.1:::::::* cpe:2.3:o:kde:kde:2.0.1:::::::* cpe:2.3:o:kde:kde:2.0:::::::* cpe:2.3:o:kde:kde:1.1.2:::::::* cpe:2.3:o:kde:kde:1.1.1:::::::* cpe:2.3:o:kde:kde:1.1:::::::* cpe:2.3:o:kde:kde:1.0:::::::*	19
Os	Mandrakesoft Mandrake Linux cpe:2.3:o:mandrakesoft:mandrake_linux:10.1::x86_64::::: cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:::::::* cpe:2.3:o:mandrakesoft:mandrake_linux:10.0::amd64::::: cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:::::::*	4
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers::::: cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:3.0::workstation::::: cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::	6
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*	1
Os	Redhat Fedora Core cpe:2.3:o:redhat:fedora_core:core_3.0:::::::* cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*	2
Os	Redhat Linux Advanced Workstation cpe:2.3:o:redhat:linux_advanced_workstation:2.1:::::::*	1

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200412-16 (KDE) File : nvt/glsa_200412_16.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200501-18 (konqueror) File : nvt/glsa_200501_18.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox8.nasl
2008-09-04	Name : FreeBSD Ports: ja-kdelibs, kdelibs File : nvt/freebsd_ja-kdelibs0.nasl
2008-01-17	Name : Debian Security Advisory DSA 631-1 (kdelibs) File : nvt/deb_631_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 660-1 (kdebse) File : nvt/deb_660_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
59846	KDE Konqueror Cross-domain Browser Window Injection Content Spoofing
13204	KDE Screensaver Crash Local Bypass
12853	Multiple Browser FTP Client Arbitrary Mail Send

Nessus® Vulnerability Scanner

Date	Description
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_832e9d755bfc11d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b09119856e2a11d99557000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2005-02-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-065.nasl - Type : ACT_GATHER_INFO
2005-02-18	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-045.nasl - Type : ACT_GATHER_INFO
2005-02-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-18.nasl - Type : ACT_GATHER_INFO
2005-02-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-009.nasl - Type : ACT_GATHER_INFO
2005-01-26	Name : The remote Debian host is missing a security-related update. File : debian_DSA-660.nasl - Type : ACT_GATHER_INFO
2005-01-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-631.nasl - Type : ACT_GATHER_INFO
2005-01-02	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-160.nasl - Type : ACT_GATHER_INFO
2004-12-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-16.nasl - Type : ACT_GATHER_INFO
2004-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-548.nasl - Type : ACT_GATHER_INFO
2004-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-549.nasl - Type : ACT_GATHER_INFO
2004-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-550.nasl - Type : ACT_GATHER_INFO
2004-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-551.nasl - Type : ACT_GATHER_INFO
2004-12-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-150.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:50	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	3
CPE ID(s)	65
osvdb(s)	3
Openvas Exploit(s)	7
Nessus® Exploit(s)	15

	Related
7.5	CVE-2004-1165
7.5	CVE-2004-1158
4.6	CVE-2005-0078
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.5 - RHSA-2005:009

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU