CVE-2004-0411 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0411
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0411

Description: The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16163 SUSE http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html SLACKWARE http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 SAID Secunia Advisory: SA11602 REDHAT http://www.redhat.com/support/errata/RHSA-2004-222.html OVAL http://oval.mitre.org/oval/definitions/data/oval954.html OSVDB 6107 GENTOO http://security.gentoo.org/glsa/glsa-200405-11.xml FEDORA http://www.securityfocus.com/advisories/6743 http://www.securityfocus.com/advisories/6717 DEBIAN http://www.debian.org/security/2004/dsa-518 CONFIRM http://www.kde.org/info/security/advisory-20040517-1.txt CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 CIAC http://www.ciac.org/ciac/bulletins/o-146.shtml BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108481412427344&w=2 http://www.securityfocus.com/archive/1/363225 BID 10358

Return to the previous page.