CVE-2004-0746
CVSS 7.5
Published: 2004-10-20 00:00:00
Last modified: 2016-10-17 22:48:37

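[Original] Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.


[CNNVD] Konqueror Cross-Domain Cookie Injection Vulnerability (CNNVD-200410-071)

        
        KDE is a free, open-source X desktop manager.
        The KDE Konqueror browser handles cookie information incorrectly; a remote attacker can exploit this vulnerability to inject malicious data into cookies.
        Web sites operating under the affected domains can set HTTP cookies that the Konqueror web browser will send to other web sites operating under the same domain. A malicious web site can use this vulnerability to carry out attacks such as session fixation ( http://www.acros.si/papers/session_fixation.pdf ).
        This vulnerability affects all domains whose second-level part is longer than 2 characters, such as .ltd.uk, .plc.uk and .firm.in.
        Note that popular domains such as .co.uk, .co.in and .com are not affected by this vulnerability.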
        

- CVSS (Base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:kde:konqueror:3.1.3
cpe:/a:kde:konqueror:3.0.3
cpe:/a:kde:konqueror:3.1.2
cpe:/a:kde:konqueror:3.2.1
cpe:/a:kde:konqueror:3.0.2
cpe:/a:kde:konqueror:3.1.1
cpe:/a:kde:konqueror:3.0.1
cpe:/o:kde:kde:3.2
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:kde:konqueror:3.1.5
cpe:/a:kde:konqueror:3.0.5
cpe:/a:kde:konqueror:3.2.3
cpe:/a:kde:konqueror:3.0.5b
cpe:/a:kde:konqueror:3.1
cpe:/o:kde:kde:3.1.3
cpe:/a:kde:konqueror:3.0
cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:gentoo:linux:1.4  Gentoo Linux 1.4
cpe:/o:mandrakesoft:mandrake_linux:9.2  MandrakeSoft Mandrake Linux 9.2
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:suse:suse_linux:8.1  SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:8::enterprise_server
cpe:/o:suse:suse_linux:9.0::enterprise_server
cpe:/o:mandrakesoft:mandrake_linux:10.0  MandrakeSoft Mandrake Linux 10.0
cpe:/o:suse:suse_linux:8.2  SuSE SuSE Linux 8.2
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:11281  Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .fir...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0746
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0746
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-071
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
(UNKNOWN)  CONECTIVA  CLA-2004:864
http://marc.info/?l=bugtraq&m=109327681304401&w=2
(UNKNOWN)  BUGTRAQ  20040823 KDE Security Advisory: Konqueror Cross-Domain Cookie Injection
http://www.kde.org/info/security/advisory-20040823-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20040823-1.txt
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
(UNKNOWN)  MANDRAKE  MDKSA-2004:086
http://www.securityfocus.com/bid/10991
(VENDOR_ADVISORY)  BID  10991
http://xforce.iss.net/xforce/xfdb/17063
(VENDOR_ADVISORY)  XF  kde-konqueror-cookie-set(17063)

- Vulnerability information

Konqueror Cross-Domain Cookie Injection Vulnerability
High risk  Access validation error
2004-10-20 00:00:00 2005-10-20 00:00:00
Remote
        
        

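- Advisories and patches

        Vendor patches:
        KDE
        ---
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's site: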
         Patches for KDE 3.0.5b:
         ftp://ftp.kde.org/pub/kde/security_patches :
         3d83e3235d608176f47d84abdf78e96e post-3.0.5b-kdelibs-kcookiejar.patch
         Patches for KDE 3.1.5:
         ftp://ftp.kde.org/pub/kde/security_patches :
         eec46dc123742c23819bd4c396eb87b6 post-3.1.5-kdelibs-kcookiejar.patch
         Patches for KDE 3.2.3:
         ftp://ftp.kde.org/pub/kde/security_patches :
         ca12b078c7288ce9b2653e639a5b3ee0 post-3.2.3-kdelibs-kcookiejar.patch

- Vulnerability information (F34392)

wp-04-0001.txt (PacketStormID:F34392)
2004-09-21 00:00:00
Paul Johnston  westpoint.ltd.uk
advisory,vulnerability
linux,windows,2k,suse
CVE-2004-0746,CVE-2004-0866,CVE-2004-0867,CVE-2004-0869,CVE-2004-0870,CVE-2004-0871,CVE-2004-0872

Westpoint Security Advisory wp-04-0001 - Multiple browsers are susceptible to multiple cookie injection vulnerabilities. Tested: Internet Explorer 6.0 for Windows 2000 with all patches, Konqueror 3.1.4 for SuSE 9.0, Mozilla Firefox 0.9.2 for Windows 2000, Opera 7.51 for Windows 2000.

Westpoint Security Advisory
---------------------------

Title:        Multiple Browser Cookie Injection Vulnerabilities
Risk Rating:  Low
Software:     Multiple Web Browsers
Platforms:    Unix and Windows
Author:       Paul Johnston <paul@westpoint.ltd.uk>
               assisted by Richard Moore <rich@westpoint.ltd.uk>
Date:         15 September 2004
Advisory ID#: wp-04-0001
URL:          http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
CVE:          Multiple assigned, see main text

Overview
--------

A design goal for cookies is to "prevent the sharing of session
information between hosts that are in different domains." It appears
current implementations are successful at allowing a domain to keep its
cookies private. However, multiple mechanisms have been discovered for
one domain to inject cookies into another. These could be used to
perform session fixation attacks against web applications.

Recommendations:
  * Affected browsers be patched for these vulnerabilities.
  * Web applications implement application layer mitigations for session
    fixation attacks, as described in [2].

Tested:
  Internet Explorer 6.0 for Windows 2000, all patches
  Konqueror 3.1.4 for SuSE 9.0
  Mozilla Firefox 0.9.2 for Windows 2000
  Opera 7.51 for Windows 2000


Cross-Domain Cookie Injection
-----------------------------
Vulnerable:
  Konqueror             CAN-2004-0746
  Internet Explorer     CAN-2004-0866
  Mozilla               CAN-2004-0867
Not vulnerable:
  Opera

By default, cookies are only sent to the host that issued them. There is
an optional "domain" attribute that overrides this behaviour. For
example, red.example.com could set a cookie with domain=.example.com.
This would then be sent to any host in the .example.com domain.

There is potential for abuse here, consider the case where
red.example.com sets a cookie with domain=.com. In principle this would
be sent to any host in the .com domain. However [1] requires browsers to
reject cookies where:

  "The value for the Domain attribute contains no embedded dots"

This prevents a cookie being set with domain=.com. However, this does
not extend to country domains that are split into two parts. For
example, red.example.co.uk could set a cookie with domain=.co.uk and
this will be sent to all hosts in the .co.uk domain. Mozilla follows the
RFC exactly and is vulnerable to this. Konqueror and Internet Explorer
have some further protection, preventing domains of the following forms:

  * Where the 2nd level domain is two or fewer characters, i.e. xx.yy or
    x.yy
  * Domains of the form (com|net|mil|org|gov|edu|int).yy

This does prevent .co.uk cross domain cookie injection but does not
protect all domains. For example, the following .uk domains are
unprotected:

  .ltd.uk
  .plc.uk
  .sch.uk
  .nhs.uk
  .police.uk
  .mod.uk

When testing with Opera, it appeared that the browser always correctly
detected the domain. It is not immediately clear how Opera does this
check.

Example exploitation:
  1) http://example.ltd.uk/ is identified for attack. It uses the "sid"
     cookie to hold the session ID.
  2) Attacker obtains attacker.ltd.uk domain
  3) User is enticed to click link to http://attacker.ltd.uk/
  4) This site sets the "sid" cookie with domain=.ltd.uk
  5) When user logs into example.ltd.uk, they are using a session ID known
     to the attacker.
  6) Attacker now has a logged-in session ID and has compromised the
     user's account.

Exploitation is dependent on the user clicking an untrusted link.
However, it is fundamental to the use of the web that we do sometimes
click untrusted links. This attack can happen regardless of the use of SSL.


Cross Security Boundary Cookie Injection
----------------------------------------
Vulnerable:
  Internet Explorer     CAN-2004-0869
  Konqueror             CAN-2004-0870
  Mozilla               CAN-2004-0871
  Opera                 CAN-2004-0872

By default cookies are sent to all ports on the host that issued them,
regardless of whether SSL is in use. There is an optional "secure"
attribute that restricts sending to secure channels. This prevents
secure cookies leaking out over insecure channels. However, there is no
protection to prevent cookies set over a non-secure channel being
presented on a secure channel. In general to maintain proper boundaries
between security levels, it is necessary to defend against both attacks
  - protecting both confidentiality and integrity.

Example exploitation:
  1) https://example.com/ identified for attack, which uses "sid" cookie
     as session ID.
  2) User is enticed to click link to http://example.com/
  3) By some mechanism the attacker intercepts this request and sets the
     "sid" cookie
  4) When user logs into https://example.com/ they are using a session ID
     known to the attacker.
  5) Attacker now has a logged-in session ID and has compromised the
     user's account.

In addition to the user clicking an untrusted link, exploitation is
dependent on the attacker tampering with non-SSL network traffic. This
is a reasonable assumption as the purpose of SSL is to provide security
over an insecure network.


References
----------

[1] RFC2965 - HTTP State Management Mechanism
    http://www.ietf.org/rfc/rfc2965.txt

[2] Session Fixation Vulnerability in Web-based Applications
    http://www.acros.si/papers/session_fixation.pdf

[3] Persistent Client State - HTTP Cookies
    http://www.netscape.com/newsref/std/cookie_spec.html

[4] Cookies and Cookie Handling in Opera 7 Explained
    http://o.bulport.com/index.php?item=55


History
-------

16 July 2004      Vulnerabilities discovered

20 July 2004      Vendors informed

20 July 2004      Mozilla bug opened

  http://bugzilla.mozilla.org/show_bug.cgi?id=252342

  The discussion shows that the cross domain problem is a long standing
  known bug. However, one contributor claimed the exploit is being used in
  the wild. Several fixes were suggested and it appears this bug will be
  addressed soon.

  No discussion of the SSL vs non-SSL problem.

21 July 2004      Opera respond

  The response explains that they take the cross domain problem
  seriously, and that they have solved it by doing a DNS lookup on the
  specified domain. Some information is available in [4].

  They also explained that they could not solve the cross security
  boundary problem without breaking standards and existing web apps.

  This problem has previously been reported as the "Cookie Monster bug"
  http://www.securiteam.com/exploits/Cookie_Monster_vulnerability.html

23 July 2004      Konqueror respond

  Explain that they intend to fix the cross domain problem by including a
  list of ccTLDs that, like .uk, require 3 dots. The domains are:

    name,ai,au,bd,bh,ck,eg,et,fk,il,in,kh,kr,mk,mt,na,
    np,nz,pg,pk,qa,sa,sb,sg,sv,ua,ug,uk,uy,vn,za,zw

  The brief discussion of the cross security boundary suggests they do
  not consider it possible to solve at this time.

23 Aug 2004       KDE Security Advisory released

  http://www.kde.org/info/security/advisory-20040823-1.txt

  KDE issue an advisory stating the cross-domain problem is fixed in KDE
  3.3. Patches are also available for older 3.x versions.

13 Sept 2004      Vendors notified of impending release

14 Sept 2004      CVE candidates assigned for other issues

15 Sept 2004      Microsoft respond

  Best practice for web sites to resist session fixation attacks is to
  change the session ID after authentication. They are looking at ways to
  address this in the browser. As this may cause compatibility issues and
  the issue is low risk, they have not committed to a timeline.

15 Sept 2004      Advisory published


Thanks
------

Many thanks to the vendors for their responses. Also, thanks to Steven
Christey for assigning CVE numbers.





-- 
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk
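
Added example (not part of the Westpoint advisory and not KDE's code): the three Domain-attribute checks the advisory describes, namely RFC 2965 only, the pre-patch Konqueror/Internet Explorer heuristic, and the planned ccTLD list, run over the advisory's own hostnames. Function and policy names are hypothetical, and reading "yy" as a two-letter country-code TLD is an assumption.

```python
"""Added illustration of the three Domain-attribute checks the advisory describes.
Function and policy names are hypothetical; this is not KDE's kcookiejar code."""

GENERIC_SLDS = {"com", "net", "mil", "org", "gov", "edu", "int"}

# List quoted in the advisory's 23 July 2004 entry (Konqueror's response).
THREE_DOT_TLDS = set(
    "name ai au bd bh ck eg et fk il in kh kr mk mt na "
    "np nz pg pk qa sa sb sg sv ua ug uk uy vn za zw".split()
)


def labels(domain):
    """Split '.ltd.uk' into ['ltd', 'uk'], ignoring case and edge dots."""
    return [part for part in domain.lower().strip(".").split(".") if part]


def rfc_only(domain):
    """RFC 2965 rule quoted in the advisory: reject values with no embedded dots."""
    return len(labels(domain)) >= 2


def heuristic(domain):
    """Extra pre-patch check: reject xx.yy, x.yy and (com|net|...).yy.
    Assumption: 'yy' means a two-letter country-code TLD."""
    parts = labels(domain)
    if len(parts) == 2 and len(parts[1]) == 2:
        if len(parts[0]) <= 2 or parts[0] in GENERIC_SLDS:
            return False
    return rfc_only(domain)


def patched(domain):
    """Planned fix: TLDs on the list need three dots, e.g. '.example.ltd.uk'."""
    parts = labels(domain)
    if parts and parts[-1] in THREE_DOT_TLDS and len(parts) < 3:
        return False
    return heuristic(domain)


POLICIES = {"rfc_only": rfc_only, "heuristic": heuristic, "patched": patched}


def domain_match(host, domain):
    """True if host equals the domain or is a subdomain of it."""
    host, bare = host.lower(), domain.lower().lstrip(".")
    return host == bare or host.endswith("." + bare)


def accepted_by(host, cookie_domain):
    """Names of the policies under which `host` may set this Domain value."""
    if not domain_match(host, cookie_domain):
        return []
    return [name for name, ok in POLICIES.items() if ok(cookie_domain)]


# Constructed cases built from the hostnames used in the advisory text.
CASES = [
    ("red.example.com", ".example.com"),
    ("red.example.com", ".com"),
    ("red.example.co.uk", ".co.uk"),
    ("attacker.ltd.uk", ".ltd.uk"),
    ("www.example.ltd.uk", ".example.ltd.uk"),
]

if __name__ == "__main__":
    for host, dom in CASES:
        print(f"{host:20} Domain={dom:18} accepted by: {accepted_by(host, dom)}")
```

A Domain value accepted by "heuristic" but not by "patched" falls in the gap tracked as CAN-2004-0746; one accepted only by "rfc_only" corresponds to the behaviour the advisory attributes to Mozilla.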


    

- Vulnerability information (F34117)

KDE Security Advisory 2004-08-23.1 (PacketStormID:F34117)
2004-08-24 00:00:00
KDE Desktop  kde.org
advisory
CVE-2004-0746

KDE Security Advisory - Konqueror suffers from a Cross-Domain Cookie Injection vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: Konqueror Cross-Domain Cookie Injection
Original Release Date: 2004-08-23
URL: http://www.kde.org/info/security/advisory-20040823-1.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746


1. Systems affected:

        KDE versions up to KDE 3.2.3 inclusive. KDE 3.3 is not affected.


2. Overview:

	WESTPOINT internet reconnaissance services alerted the KDE
        security team that the KDE web browser Konqueror allows websites
        to set cookies for certain country specific secondary top level
        domains.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0746 to this issue.


3. Impact:

        Web sites operating under the affected domains can set HTTP
        cookies in such a way that the Konqueror web browser will send them
        to all other web sites operating under the same domain.
        A malicious website can use this as part of a session fixation
        attack. See e.g. http://www.acros.si/papers/session_fixation.pdf

        Affected are all country specific secondary top level domains that
        use more than 2 characters in the secondary part of the domain name
        and that use a secondary part other than com, net, mil, org, gov, 
        edu or int. Examples of affected domains are .ltd.uk, .plc.uk and
        .firm.in

        It should be noted that popular domains such as .co.uk, .co.in
        and .com are NOT affected.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patches for KDE 3.0.5b are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  3d83e3235d608176f47d84abdf78e96e  post-3.0.5b-kdelibs-kcookiejar.patch

        Patches for KDE 3.1.5 are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  eec46dc123742c23819bd4c396eb87b6  post-3.1.5-kdelibs-kcookiejar.patch

        Patches for KDE 3.2.3 are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  ca12b078c7288ce9b2653e639a5b3ee0  post-3.2.3-kdelibs-kcookiejar.patch


6. Time line and credits:

        16/07/2004 Vulnerability discovered by WESTPOINT
        20/07/2004 KDE Security Team alerted
	20/07/2004 Patches created
	05/08/2004 Vendors notified
        23/08/2004 Public advisory

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBJyPmN4pvrENfboIRApMgAJwKuhGdpZ/p8Q+q65ciZ+3m9jwb0wCeJGu4
QC3wYjYfsJ7Ek5FyqGIoyjI=
=V9jM
-----END PGP SIGNATURE-----
    

- Vulnerability information

10002
Multiple Browser Cross-Domain Cookie Injection

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-09-15 2004-07-16
2004-09-15 Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Multiple Browser Cross-Domain Cookie Injection Vulnerability
Design Error 11186
Yes No
2004-09-15 12:00:00 2009-07-12 07:06:00
Discovery is credited to Paul Johnston <paul@westpoint.ltd.uk>.

- Affected software versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
Mozilla Firefox 0.9.2
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
KDE Konqueror 3.2.3
KDE Konqueror 3.2.1
KDE Konqueror 3.1.5
KDE Konqueror 3.1.4
KDE Konqueror 3.1.3
KDE Konqueror 3.1.2
+ KDE KDE 3.1.2
KDE Konqueror 3.1.1
+ KDE KDE 3.1.1
KDE Konqueror 3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
KDE Konqueror 3.0.3
+ KDE KDE 3.0.3
KDE Konqueror 3.0.2
+ KDE KDE 3.0.2
KDE Konqueror 3.0.1
+ KDE KDE 3.0.1
KDE Konqueror 3.0
+ KDE KDE 3.0
KDE Konqueror 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
KDE Konqueror 2.2.1
KDE Konqueror 2.1.2
KDE Konqueror 2.1.1
KDE Konqueror 3.3

- Unaffected software versions

KDE Konqueror 3.3

- Vulnerability discussion

Multiple Browsers are reported prone to a cross-domain cookie injection vulnerability. This issue is identified in Microsoft Internet Explorer, KDE Konqueror, and Mozilla and may allow an attacker to carry out session hijacking attacks.

The issue presents itself due to a design error in multiple browsers that allows cookies to be incorrectly sent to other domains.

This BID will be divided and updated as more information becomes available.

- Exploit

No exploit is required.

- Solution

KDE has released an advisory (advisory-20040823-1) to address this issue in Konqueror. Please see the referenced advisory for more information.

SuSE has released advisory SUSE-SA:2004:035 mainly to address the vulnerability described in BID 11281. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID for the Opera browser are now available on the SuSE update FTP server for download. Customers are advised to see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Red Hat has released an advisory (RHSA-2004:412-10) to address various issues affecting KDE in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

- Related references

 

 
