Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0411

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0411
Last Modified 10 Sep 2008 03:26:18
Published 07 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0411

Summary

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

Vulnerable Systems

Application

  • Kde Konqueror 3.2.2

  • Opera Software Opera Web Browser 9.10


References

CONFIRM - http://www.kde.org/info/security/advisory-20040517-1.txt

BUGTRAQ - 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers

REDHAT - RHSA-2004:222

SUSE - SuSE-SA:2003:014

DEBIAN - DSA-518

GENTOO - GLSA-200405-11

XF - kde-url-handler-gain-access(16163)

SLACKWARE - SSA:2004-238

BID - 10358

FEDORA - FEDORA-2004-122

FEDORA - FEDORA-2004-121

OSVDB - 6107

CIAC - O-146

SECUNIA - 11602

BUGTRAQ - 20040517 KDE Security Advisory: URI Handler Vulnerabilities

CONECTIVA - CLA-2004:843


Last Updated: 27 May 2016 10:38:36