CVE Reference: CVE-2005-0237

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-0237

Description:
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/19236

SAID
  Secunia Advisory: SA14162

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-325.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10671

MISC
  http://www.shmoo.com/idn/homograph.txt
  http://www.shmoo.com/idn

MANDRAKE
  http://www.mandriva.com/security/advisories?name=MDKSA-2005:058

FULLDISC
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

FEDORA
  http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded

CONFIRM
  http://www.kde.org/info/security/advisory-20050316-2.txt

BID
  12461


Return to the previous page.