Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-1165
Last Modified 21 Aug 2010 12:21:58
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1165

Summary

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Vulnerable Systems

Application

  • KDE Konqueror 3.3.1
  • Kdelibs 3.1
  • Kdelibs 3.1.1
  • Kdelibs 3.1.2
  • Kdelibs 3.1.3
  • Kdelibs 3.1.4
  • Kdelibs 3.1.5
  • Kdelibs 3.2
  • Kdelibs 3.2.1
  • Kdelibs 3.2.2


References

XF - web-browser-ftp-command-execution(18384)

REDHAT - RHSA-2005:065

REDHAT - RHSA-2005:009

GENTOO - GLSA-200501-18

DEBIAN - DSA-631

MANDRAKE - MDKSA-2005:045

BUGTRAQ - 20041205 7a69Adv#16 - Konqueror FTP command injection


Last Updated: 27 May 2016 10:38:55