Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2004-1145
Last Modified 21 Aug 2010 12:21:55
Published 15 Dec 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1145

Summary

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Vulnerable Systems

Operating System

  • Altlinux Alt Linux 2.3

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Debian Linux 3.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Linux Advanced Workstation 2.1

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

Application

  • Ethereal Group Ethereal 0.10

  • Ethereal Group Ethereal 0.10.1

  • Ethereal Group Ethereal 0.10.2

  • Ethereal Group Ethereal 0.10.3

  • Ethereal Group Ethereal 0.10.4

  • Ethereal Group Ethereal 0.10.5

  • Ethereal Group Ethereal 0.10.6

  • Ethereal Group Ethereal 0.10.7

  • Ethereal Group Ethereal 0.9

  • Ethereal Group Ethereal 0.9.1

  • Ethereal Group Ethereal 0.9.10

  • Ethereal Group Ethereal 0.9.11

  • Ethereal Group Ethereal 0.9.12

  • Ethereal Group Ethereal 0.9.13

  • Ethereal Group Ethereal 0.9.14

  • Ethereal Group Ethereal 0.9.15

  • Ethereal Group Ethereal 0.9.16

  • Ethereal Group Ethereal 0.9.2

  • Ethereal Group Ethereal 0.9.3

  • Ethereal Group Ethereal 0.9.4

  • Ethereal Group Ethereal 0.9.5

  • Ethereal Group Ethereal 0.9.6

  • Ethereal Group Ethereal 0.9.7

  • Ethereal Group Ethereal 0.9.8

  • Ethereal Group Ethereal 0.9.9

  • Sgi Propack 3.0


References

CERT-VN - VU#420222

XF - konqueror-sandbox-restriction-bypass(18596)

REDHAT - RHSA-2005:065

CONFIRM - http://www.kde.org/info/security/advisory-20041220-1.txt

GENTOO - GLSA-200501-16

SECUNIA - 13586

BUGTRAQ - 20041220 KDE Security Advisory: Konqueror Java Vulnerability

MISC - http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

MANDRAKE - MDKSA-2004:154


Last Updated: 27 May 2016 10:38:54