Executive Summary
Summary | |
---|---|
Title | kdebase security update |
Information | |||
---|---|---|---|
Name | RHSA-2007:0494 | First vendor Publication | 2007-06-13 |
Vendor | RedHat | Last vendor Modification | 2007-06-13 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

Updated kdebase packages that resolve an interaction security issue with Adobe Flash Player are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager.

A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser (CVE-2007-2022).

Users of Konqueror who have installed the Adobe Flash Player plugin should upgrade to these updated packages, which contain a patch provided by Dirk Müller that protects against this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

243617 - CVE-2007-2022 kdebase3 flash-player interaction problem
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0494.html
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21835 | |||
Oval ID: | oval:org.mitre.oval:def:21835 | ||
Title: | ELSA-2007:0494: kdebase security update (Important) | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0494-02 CVE-2007-2022 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kdebase |
Definition Id: oval:org.mitre.oval:def:24920 | |||
Oval ID: | oval:org.mitre.oval:def:24920 | ||
Title: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-2022 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player |
Definition Id: oval:org.mitre.oval:def:9332 | |||
Oval ID: | oval:org.mitre.oval:def:9332 | ||
Title: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Description: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2022 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for kdebase3 File : nvt/sles9p5014984.nasl |
2009-04-09 | Name : Mandriva Update for kdebase MDKSA-2007:138 (kdebase) File : nvt/gb_mandriva_MDKSA_2007_138.nasl |
2009-01-28 | Name : SuSE Update for flash-player SUSE-SA:2007:046 File : nvt/gb_suse_2007_046.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-01 (netscape-flash) File : nvt/glsa_200708_01.nasl |
2008-09-04 | Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34140 | Adobe Macromedia Flash Player Plug-in Multiple Browser Remote Keystroke Discl... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070613_kdebase_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-3890.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdebase3-3407.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-3889.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kdebase3-3347.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-01.nasl - Type : ACT_GATHER_INFO |
2007-07-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b42e8c3234f611dc9bc9001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-07-04 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-138.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0494.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:50:45 |