CVE-2004-0411
CVSS 7.5
Published: 2004-07-07 00:00:00
Revised: 2016-10-17 22:45:08

[Original] The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.


[CNNVD] KDE Multiple URI Handler Security Vulnerabilities (CNNVD-200407-035)

        KDE is a free, open-source X desktop environment.
        Several of the URI handlers shipped with KDE have input validation problems; a remote attacker can exploit them to create or truncate files on the system, execute commands, and so on.
        The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for a '-' at the start of the host name, so that field can be passed as an option to the program the handler launches.
        An attacker who entices a user into opening a specially crafted telnet URI can create or truncate files on the system with the privileges of that user's process.
        An attacker who entices a user into opening a specially crafted mailto URI can launch KMail with its display redirected to a machine the attacker controls, and then use that access to reach the target user's personal files and accounts.
        An attacker who entices a user into opening a specially crafted mailto URI can launch KMail with an attacker-specified configuration file; if the attacker is able to place an arbitrary file somewhere on the machine, commands embedded in that configuration file will be executed.
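The handler behaviour the description above attributes to KDE, modelled as an added example written for this page (it is not code from KDE, Konqueror, or any advisory cited here): a URI handler that builds the argv for telnet/rlogin/ssh and for the mail client, with the unfiltered construction beside a validating one. Function names, the hostname and mailbox regexes, and the sample URIs are assumptions of the example.

```python
"""Added example, not code from KDE, Konqueror or any advisory cited on this
page. It shows how a URI handler that copies the URI's host field (or the
mailto: recipient) straight into argv lets a leading '-' become an option of
the launched program, and a hardened builder that validates the field first.
Function names, the regexes and the sample URIs are this example's own.
"""
import re
from urllib.parse import SplitResult, urlsplit

REMOTE_SCHEMES = ("telnet", "rlogin", "ssh")

# DNS-style host: labels of letters, digits and hyphens that neither start nor
# end with a hyphen, dot-separated; or a bracketed IPv6 literal.  The grammar
# itself cannot produce a leading '-', so the explicit check below is a second,
# independent guard.  (Regexes written for this example.)
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"(?:{_LABEL}(?:\.{_LABEL})*\.?|\[[0-9A-Fa-f:.]+\])")
# Deliberately narrow local@domain mailbox syntax for mailto:.
_ADDR_RE = re.compile(rf"[A-Za-z0-9._%+-]+@{_LABEL}(?:\.{_LABEL})+")


def _host_and_port(parts: SplitResult) -> tuple[str, str]:
    """Split netloc into (host, port) without lowercasing it (urlsplit's
    .hostname lowercases, which would hide the case of an option letter)."""
    hostinfo = parts.netloc.rpartition("@")[2]          # drop userinfo
    if hostinfo.startswith("["):                        # IPv6 literal
        host, _, rest = hostinfo.partition("]")
        port = rest[1:] if rest.startswith(":") else ""
        return host + "]", port
    host, _, port = hostinfo.partition(":")
    return host, port


def build_argv_unsafe(uri: str) -> list[str]:
    """The pre-fix pattern.  Whatever the URI carries in its host field (or
    recipient field) becomes the program's first argument.  A getopt-style
    parser reads an argument that starts with '-' as an option, so
    telnet://-ntrace.log runs `telnet -ntrace.log` (telnet's -n option names
    a trace file) instead of connecting anywhere.
    """
    parts = urlsplit(uri)
    if parts.scheme in REMOTE_SCHEMES:
        host, port = _host_and_port(parts)
        return [parts.scheme, host] + ([port] if port else [])
    if parts.scheme == "mailto":
        return ["kmail", parts.path]
    raise ValueError(f"unsupported scheme: {parts.scheme!r}")


def build_argv_safe(uri: str) -> list[str]:
    """Hardened builder: refuse anything in the host or recipient field that
    is not syntactically a hostname or a mailbox, and in particular anything
    that starts with '-'.  Validation is the fix that does not depend on the
    launched program; inserting `--` before positional arguments helps only
    where that program's option parser honours it.
    """
    parts = urlsplit(uri)
    if parts.scheme in REMOTE_SCHEMES:
        host, port = _host_and_port(parts)
        if host.startswith("-") or not _HOST_RE.fullmatch(host):
            raise ValueError(f"refusing host that is not a hostname: {host!r}")
        if port and not (port.isdigit() and 1 <= int(port) <= 65535):
            raise ValueError(f"refusing bad port: {port!r}")
        return [parts.scheme, host] + ([port] if port else [])
    if parts.scheme == "mailto":
        recipient = parts.path
        if recipient.startswith("-") or not _ADDR_RE.fullmatch(recipient):
            raise ValueError(f"refusing recipient that is not a mailbox: {recipient!r}")
        return ["kmail", recipient]
    raise ValueError(f"unsupported scheme: {parts.scheme!r}")


def is_rejected(uri: str) -> bool:
    """True when the hardened builder refuses the URI."""
    try:
        build_argv_safe(uri)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample URIs for this example.
    for sample in ("telnet://example.org:2323", "telnet://-ntrace.log",
                   "mailto:alice@example.org?subject=hi", "mailto:-display"):
        print(f"{sample:40} unsafe -> {build_argv_unsafe(sample)}")
        safe = "rejected" if is_rejected(sample) else str(build_argv_safe(sample))
        print(f"{'':40} safe   -> {safe}")
```

The unsafe builder hands `-ntrace.log` or `-display` to the program as its first argument, which is exactly the option smuggling the advisory describes; the safe builder rejects those inputs before any process is spawned and still accepts ordinary hosts, bracketed IPv6 literals and numeric ports.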

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:kde:konqueror:3.2.2
cpe:/a:opera_software:opera_web_browser:9.10

- OVAL (technical details for detection)

oval:org.mitre.oval:def:954  Konqueror URI Handler "-" Filter Vulnerability
*The OVAL definition describes in detail how to detect this vulnerability; see the referenced OVAL definition for further technical details on detection.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0411
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-035
(official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
(UNKNOWN)  CONECTIVA  CLA-2004:843
http://marc.info/?l=bugtraq&m=108481412427344&w=2
(UNKNOWN)  BUGTRAQ  20040517 KDE Security Advisory: URI Handler Vulnerabilities
http://security.gentoo.org/glsa/glsa-200405-11.xml
(UNKNOWN)  GENTOO  GLSA-200405-11
http://www.ciac.org/ciac/bulletins/o-146.shtml
(UNKNOWN)  CIAC  O-146
http://www.debian.org/security/2004/dsa-518
(UNKNOWN)  DEBIAN  DSA-518
http://www.kde.org/info/security/advisory-20040517-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20040517-1.txt
http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
(UNKNOWN)  SUSE  SuSE-SA:2004:014
http://www.redhat.com/support/errata/RHSA-2004-222.html
(UNKNOWN)  REDHAT  RHSA-2004:222
http://www.securityfocus.com/advisories/6717
(UNKNOWN)  FEDORA  FEDORA-2004-121
http://www.securityfocus.com/advisories/6743
(UNKNOWN)  FEDORA  FEDORA-2004-122
http://www.securityfocus.com/archive/1/363225
(VENDOR_ADVISORY)  BUGTRAQ  20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
http://www.securityfocus.com/bid/10358
(UNKNOWN)  BID  10358
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
(UNKNOWN)  SLACKWARE  SSA:2004-238
http://xforce.iss.net/xforce/xfdb/16163
(UNKNOWN)  XF  kde-url-handler-gain-access(16163)

- Vulnerability information

KDE Multiple URI Handler Security Vulnerabilities
High severity / Input validation
2004-07-07 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        Vendor patches:
        KDE
        ---
        The vendor has released patches that fix this issue; download them from the vendor's site:
        KDE 3.0.5b:
        post-3.0.5b-kdelibs-kapplication.patch
        post-3.0.5b-kdelibs-ktelnetservice.patch
        ftp://ftp.kde.org/pub/kde/security_patches
        KDE 3.1.5:
        post-3.1.5-kdelibs-kapplication.patch
        post-3.1.5-kdelibs-ktelnetservice.patch
        ftp://ftp.kde.org/pub/kde/security_patches
        KDE 3.2.2:
        post-3.2.2-kdelibs-kapplication.patch
        post-3.2.2-kdelibs-ktelnetservice.patch
        ftp://ftp.kde.org/pub/kde/security_patches

- Vulnerability information

6107
Multiple Browser Telnet URI Handler File Manipulation
Remote / Network Access, Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Several browsers contain a flaw that may allow a remote attacker arbitrary file manipulation. The issue is triggered when a specially crafted telnet URI is parsed by the browser, resulting in a loss of integrity.

- Timeline

2004-05-12 Unknown
2004-05-12 Unknown

- Solution

At the time of this entry, no upgrades, patches, or workarounds were known to correct this issue; the KDE patches and distribution advisories listed elsewhere on this page have since addressed it.

- Vulnerability information

KDE Multiple URI Handler Vulnerabilities
Input Validation Error  BID 10358
Remote: Yes  Local: No
2004-05-17 12:00:00 2009-07-12 04:07:00
The telnet URI handler vulnerability was identified by iDEFENSE. The other vulnerabilities were disclosed by KDE.

- Affected program versions

Red Hat Fedora Core1
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.1.5
KDE KDE 3.1.4
KDE KDE 3.1.3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 8.2
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0
KDE KDE 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
KDE KDE 2.2.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
KDE KDE 2.2
KDE KDE 2.1.2
+ Conectiva Linux 7.0
KDE KDE 2.1.1
KDE KDE 2.1
KDE KDE 2.0.1
+ Conectiva Linux 6.0
KDE KDE 2.0 BETA
KDE KDE 2.0
KDE KDE 1.2
- S.u.S.E. Linux 6.4
KDE KDE 1.1.2
+ Caldera OpenLinux 2.3
+ Mandriva Linux Mandrake 7.0
KDE KDE 1.1.1
KDE KDE 1.1
Conectiva Linux 9.0
Conectiva Linux 8.0

- Vulnerability discussion

It has been reported that KDE is prone to multiple input validation vulnerabilities in various URI handlers. The issues are reported to exist due to insufficient sanitization of user-supplied input by the telnet, rlogin, ssh and mailto URI handlers. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the programs to carry out an attack.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

KDE has released a security advisory to address these issues. Please see the referenced advisory for more information.

Conectiva has released a security advisory (CLA-2004:843) that addresses this issue. Please see the referenced advisory for information and fixes.

RedHat has released a security advisory (RHSA-2004:222-11) that addresses this issue. Please see the referenced advisory for updated information and fixes.

Slackware has released a security advisory (SSA:2004-238-01) that addresses this issue. Please see the referenced advisory for updated information and fixes.

Red Hat Fedora has released advisory FEDORA-2004-121 that addresses this issue. Please see the referenced advisory for updated information and fixes.

Red Hat has released advisory FEDORA-2004-122 to provide fixes for Fedora. Please see the referenced advisory for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200405-11 to provide fixes for this issue. Please see the attached advisory for details on obtaining and applying fixes. Gentoo users may carry out the following commands to upgrade their computers:

Users of KDE 3.1 should upgrade to the corrected version of kdelibs:

# emerge sync
# emerge -pv "=kde-base/kdelibs-3.1.5-r1"
# emerge "=kde-base/kdelibs-3.1.5-r1"

Users of KDE 3.2 should upgrade to the latest available version of
kdelibs:

# emerge sync
# emerge -pv ">=kde-base/kdelibs-3.2.2-r1"
# emerge ">=kde-base/kdelibs-3.2.2-r1"

SuSE has released advisory SuSE-SA:2004:014 to provide fixes for this issue. Please see the attached advisory for details on obtaining and applying fixes.

Silicon Graphics has released advisory 20040509-01-U and fixes dealing with this and other issues for SGI ProPack 3. Please see the referenced advisory for more information.

Silicon Graphics has released advisory 20040508-01-U and fixes dealing with this and other issues for SGI ProPack 2.4. Please see the referenced advisory for more information.

Debian has released an advisory (DSA 518-1) with fixes to address this issue. Please see the referenced advisory for more information.


Red Hat Fedora Core1
KDE KDE 2.2.2
KDE KDE 3.0
KDE KDE 3.0.5
KDE KDE 3.0.5 b
KDE KDE 3.1.1
KDE KDE 3.1.3
KDE KDE 3.1.4
KDE KDE 3.1.5


About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site].

Copyright notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are kept on MITRE's websites.