CVE-2004-1145
CVSS 5.0
Published: 2004-12-15 00:00:00
Last modified: 2016-10-17 22:51:42

[Original] Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.


[CNNVD] Konqueror Arbitrary Java Applet Execution Vulnerability (CNNVD-200412-068)

        
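        KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager of the K Desktop Environment and can also be used to browse the web.
        The Konqueror web browser has two vulnerabilities that remote attackers can exploit to bypass security restrictions and run malicious Java applets.
        The first issue is that restricted Java classes can be accessed via JavaScript, which can escalate the privileges of the Java applet. The other issue is that Konqueror does not correctly restrict access to certain Java classes from the Java applet itself, which can lead to privilege escalation.
        When a user visits a malicious page with a Java-enabled Konqueror, the site can run a Java applet and escalate its privileges, allowing arbitrary files to be read and written with the privileges of the user's process.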
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:suse:suse_linux:8.0::i386
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/a:ethereal_group:ethereal:0.9.16
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:conectiva:linux:9.0 Conectiva Linux 9.0
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:suse:suse_linux:9.0 SuSE SuSE Linux 9.0
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:suse:suse_linux:9.2 SuSE SuSE Linux 9.2
cpe:/o:suse:suse_linux:9.1 SuSE SuSE Linux 9.1
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/a:ethereal_group:ethereal:0.10.2
cpe:/o:conectiva:linux:10.0 Conectiva Linux 10.0
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/a:ethereal_group:ethereal:0.10.1
cpe:/a:ethereal_group:ethereal:0.10.4
cpe:/a:ethereal_group:ethereal:0.10.3
cpe:/a:ethereal_group:ethereal:0.10.6
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/a:ethereal_group:ethereal:0.10.5
cpe:/o:altlinux:alt_linux:2.3::junior
cpe:/a:ethereal_group:ethereal:0.10.7
cpe:/o:altlinux:alt_linux:2.3::compact
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:sgi:propack:3.0 SGI ProPack 3.0
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/o:redhat:enterprise_linux_desktop:3.0 Red Hat Desktop 3.0
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:suse:suse_linux:8.1 SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:8.0 SuSE SuSE Linux 8.0
cpe:/a:ethereal_group:ethereal:0.10
cpe:/o:suse:suse_linux:8.2 SuSE SuSE Linux 8.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10173 Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not pro...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1145
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1145
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-068
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110356286722875&w=2
(UNKNOWN)  BUGTRAQ  20041220 KDE Security Advisory: Konqueror Java Vulnerability
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200501-16
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
(VENDOR_ADVISORY)  MISC  http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
http://www.kb.cert.org/vuls/id/420222
(VENDOR_ADVISORY)  CERT-VN  VU#420222
http://www.kde.org/info/security/advisory-20041220-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20041220-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
(UNKNOWN)  MANDRAKE  MDKSA-2004:154
http://www.redhat.com/support/errata/RHSA-2005-065.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:065
http://xforce.iss.net/xforce/xfdb/18596
(VENDOR_ADVISORY)  XF  konqueror-sandbox-restriction-bypass(18596)

- Vulnerability information

Konqueror Arbitrary Java Applet Execution Vulnerability
Medium severity  Design error
2004-12-15 00:00:00 2005-10-20 00:00:00
Remote
        
        

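- Advisories and patches

        Vendor patch:
        KDE
        ---
        The vendor has released an upgrade patch that fixes this security issue. Download the upgrade to KDE 3.3.2 from the vendor's home page, or apply the following patch: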
        ftp://ftp.kde.org/pub/kde/security_patches :
        7fc001d010c640738ed7d2fe347f002d post-3.2.3-kdelibs-khtml-java.tar.bz2

- Vulnerability information (F35446)

KDE Security Advisory 2004-12-20.1 (PacketStormID:F35446)
2004-12-30 00:00:00
KDE Desktop  kde.org
advisory,javascript
CVE-2004-1145

KDE Security Advisory: Two flaws in the Konqueror web browser make it possible to bypass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not affected.

KDE Security Advisory: Konqueror Java Vulnerability
Original Release Date: 2004-12-20
URL: http://www.kde.org/info/security/advisory-20041220-1.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145
        http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

1. Systems affected:

        All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not
        affected.


2. Overview:

        Two flaws in the Konqueror web browser make it possible to bypass
        the sandbox environment which is used to run Java-applets.
        One flaw allows access to restricted Java classes via JavaScript,
        making it possible to escalate the privileges of the Java-applet.
        The other problem is that Konqueror fails to correctly restrict
        access to certain Java classes from the Java-applet itself.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-1145 to this issue.


3. Impact:

        When a user has Java enabled in Konqueror and visits a malicious
        website, the website can run a Java-applet and obtain escalated
        privileges allowing reading and writing of arbitrary files with
        the privileges of the user.


4. Solution:

        Upgrade to KDE 3.3.2

        A backport has been made available for older versions which fixes
        this vulnerability. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        For KDE 3.2.3 a backport of the new Java handling is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

  7fc001d010c640738ed7d2fe347f002d  post-3.2.3-kdelibs-khtml-java.tar.bz2


6. Time line and credits:

        24/11/2004 security@kde.org contacted by heise Security
        29/11/2004 Fixed in KDE CVS by Koos Vriezen
        14/12/2004 Backport for KDE 3.2.3
        20/12/2004 KDE Advisory released
    

- Vulnerability information

12512
KDE Konqueror Restricted Class Access Java Sandbox Bypass

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-12-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabilities
Design Error 12046
Yes No
2004-12-20 12:00:00 2009-07-12 09:26:00
Discovery of this issue is credited to Heise Security.

- Affected software versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
KDE Konqueror 3.3.1
KDE Konqueror 3.3
KDE Konqueror 3.2.3
KDE Konqueror 3.2.2 -6
KDE Konqueror 3.2.1
KDE Konqueror 3.1.5
KDE Konqueror 3.1.4
KDE Konqueror 3.1.3
KDE Konqueror 3.1.2
+ KDE KDE 3.1.2
KDE Konqueror 3.1.1
+ KDE KDE 3.1.1
KDE Konqueror 3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
KDE Konqueror 3.0.3
+ KDE KDE 3.0.3
KDE Konqueror 3.0.2
+ KDE KDE 3.0.2
KDE Konqueror 3.0.1
+ KDE KDE 3.0.1
KDE Konqueror 3.0
+ KDE KDE 3.0
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
KDE KDE 3.1.5
KDE KDE 3.1.4
KDE KDE 3.1.3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
KDE KDE 3.1.2
+ Conectiva Linux 9.0
+ KDE KDE 3.1.2
KDE KDE 3.1.1 a
KDE KDE 3.1.1
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 8.2
KDE KDE 3.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux 8.1
KDE KDE 3.0.5 b
KDE KDE 3.0.5 a
+ RedHat Linux 8.0 i386
+ RedHat Linux 7.3 i386
KDE KDE 3.0.5
+ Conectiva Linux 8.0
KDE KDE 3.0.4
+ Conectiva Linux 8.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
KDE KDE 3.0.3 a
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
KDE KDE 3.0.2
+ Mandriva Linux Mandrake 8.2
KDE KDE 3.0.1
KDE KDE 3.0
+ Conectiva Linux 8.0

- Unaffected software versions

KDE Konqueror 3.3.2
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1

- Discussion

KDE Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the UNIX and Linux operating systems.

Multiple remote Java sandbox bypass vulnerabilities affect KDE Konqueror. These issues are due to a failure of the application to properly secure the Java web plug-in.

The first issue is a failure of the application to restrict access to sensitive Java classes from the Java browser plug-in. The second issue is a failure of the application to restrict access to sensitive Java classes from JavaScript scripts.

These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

KDE has released KDE version 3.3.2 dealing with this issue.

Mandrake Linux has released an advisory (MDKSA-2004:154) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose kde-base/kdelibs

Fedora has released advisories FEDORA-2005-063 and FEDORA-2005-064 for Fedora Core 2 and 3. These advisories contain updated kdelibs packages. Please see the referenced advisories for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


