Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0237

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0237
Last Modified 21 Aug 2010 12:25:42
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0237

Summary

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Systems

Operating System

  • Kde 3.2.1

Application

  • Kde Konqueror 3.2.1


References

XF - multiple-browsers-idn-spoof(19236)

CONFIRM - http://www.kde.org/info/security/advisory-20050316-2.txt

SECUNIA - 14162

MISC - http://www.shmoo.com/idn/homograph.txt

MISC - http://www.shmoo.com/idn

FULLDISC - 20050206 Re: state of homograph attacks

FULLDISC - 20050206 state of homograph attacks

BID - 12461

FEDORA - FLSA:178606

REDHAT - RHSA-2005:325

MANDRAKE - MDKSA-2005:058


Last Updated: 27 May 2016 10:39:44