CVE-2004-1158
CVSS: 7.5
Published: 2005-01-10 00:00:00
Last modified: 2016-11-18 21:59:18

[Original] Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.


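[CNNVD] Konqueror Window Hijacking Vulnerability (CNNVD-200501-085)

        Konqueror is an open-source web browser.
        Konqueror 3.x up to 3.2.2-6, as well as other versions, contains a window hijacking vulnerability.
        Remote attackers can exploit the vulnerability to carry out spoofing, for example by using a pop-up window on a trusted web site.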

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:kde:konqueror:3.0.5
cpe:/a:kde:konqueror:3.1.4
cpe:/a:kde:konqueror:3.2.3
cpe:/a:kde:konqueror:3.3.2
cpe:/a:kde:konqueror:3.1.5
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:redhat:fedora_core:core_2.0
cpe:/a:kde:konqueror:3.0.1
cpe:/a:kde:konqueror:3.0.2
cpe:/a:kde:konqueror:3.1.1
cpe:/o:mandrakesoft:mandrake_linux:10.1 (MandrakeSoft Mandrake Linux 10.1)
cpe:/a:kde:konqueror:2.1.1
cpe:/o:mandrakesoft:mandrake_linux:10.0 (MandrakeSoft Mandrake Linux 10.0)
cpe:/a:kde:konqueror:2.1.2
cpe:/a:kde:konqueror:2.2.1
cpe:/a:kde:konqueror:3.1
cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/a:kde:konqueror:2.2.2
cpe:/a:kde:konqueror:3.0
cpe:/a:kde:konqueror:3.3
cpe:/a:kde:konqueror:3.2.2.6
cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64
cpe:/a:kde:konqueror:3.0.3
cpe:/a:kde:konqueror:3.1.2
cpe:/a:kde:konqueror:3.2.1
cpe:/a:kde:konqueror:3.1.3
cpe:/a:kde:konqueror:3.3.1
cpe:/a:kde:konqueror:3.0.5b

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:11056 Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1158
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1158
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-085
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=110296048613575&w=2
(UNKNOWN)  BUGTRAQ  20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability
http://www.kde.org/info/security/advisory-20041213-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20041213-1.txt
http://www.novell.com/linux/security/advisories/2005_01_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:001
http://www.redhat.com/support/errata/RHSA-2005-009.html
(UNKNOWN)  REDHAT  RHSA-2005:009
http://www.securityfocus.com/bid/11853
(VENDOR_ADVISORY)  BID  11853

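- Vulnerability Information

Konqueror Window Hijacking Vulnerability
High risk  Design error
2005-01-10 00:00:00 2005-10-20 00:00:00
Remote
        Konqueror is an open-source web browser.
        Konqueror 3.x up to 3.2.2-6, as well as other versions, contains a window hijacking vulnerability.
        Remote attackers can exploit the vulnerability to carry out spoofing, for example by using a pop-up window on a trusted web site.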

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available from:
        http://www.kde.org/

- Vulnerability Information (F35318)

KDE Security Advisory 2004-12-13.1 (PacketStormID:F35318)
2004-12-30 00:00:00
KDE Desktop  kde.org
advisory,web
CVE-2004-1158

KDE Security Advisory: The Konqueror web browser allows websites to load web pages into a window or tab currently used by another website. This vulnerability is similar to the Konqueror Frame Injection Vulnerability reported on 2004-08-11 but the solution offered as part of that advisory did not cover the window case. All versions of KDE up to KDE 3.3.2 inclusive.

KDE Security Advisory: Konqueror Window Injection Vulnerability
Original Release Date: 2004-12-13
URL: http://www.kde.org/info/security/advisory-20041213-1.txt

0. References

     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
     http://secunia.com/advisories/13254/
     http://secunia.com/secunia_research/2004-13/advisory
     http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
     http://bugs.kde.org/show_bug.cgi?id=94812
     http://www.kde.org/info/security/advisory-20040811-3.txt

1. Systems affected:

        All versions of KDE up to KDE 3.3.2 inclusive. 


2. Overview:

        The Konqueror webbrowser allows websites to load webpages into
        a window or tab currently used by another website.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-1158 to this issue.

        This vulnerability is similar to the Konqueror Frame Injection
        Vulnerability reported on 2004-08-11 but the solution offered
        as part of that advisory did not cover the window case.

3. Impact:

        A malicious website could abuse Konqueror to load its own content
        into a window or tab that was opened by a trusted website or
        it could trick a trusted website into loading content into an
        existing window or tab. This may be abused to confuse the user
        about the origin of a certain webpage. As a result the user may
        unknowingly send confidential information intended for the trusted
        website to the malicious website.
                

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patches for KDE 3.2.3 are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  4d61d568e822d781308caa73050930bd  post-3.2.3-kdelibs-htmlframes2.patch
  7340cfd22ee46a6d65e001179c082b08  post-3.2.3-kdebase-htmlframes2.patch

        Patches for KDE 3.3.2 are available from
        ftp://ftp.kde.org/pub/kde/security_patches : 

  d2e513a039ba44becf5728b983b78fc4  post-3.3.2-kdelibs-htmlframes2.patch
  31688394bea2dd685371d9d3da9ec2ab  post-3.3.2-kdebase-htmlframes2.patch


6. Time line and credits:


        19/11/2004 security@kde.org contacted by Secunia
        08/12/2004 Advisory & test case published by Secunia
        11/12/2004 Konqueror patches posted for review
        13/12/2004 KDE Advisory released
    

- Vulnerability Information

59846
KDE Konqueror Cross-domain Browser Window Injection Content Spoofing
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

- Timeline

2004-12-08 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

KDE Konqueror Remote Window Hijacking Vulnerability
Design Error 11853
Yes No
2004-12-08 12:00:00 2009-07-12 08:07:00
Discovery of the issue is credited to Secunia Research.

- Affected Software Versions

SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
KDE Konqueror 3.3.2
KDE Konqueror 3.3.1
KDE Konqueror 3.3
KDE Konqueror 3.2.3
KDE Konqueror 3.2.2 -6
KDE Konqueror 3.2.1
KDE Konqueror 3.1.5
KDE Konqueror 3.1.4
KDE Konqueror 3.1.3
KDE Konqueror 3.1.2
+ KDE KDE 3.1.2
KDE Konqueror 3.1.1
+ KDE KDE 3.1.1
KDE Konqueror 3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
KDE Konqueror 3.0.3
+ KDE KDE 3.0.3
KDE Konqueror 3.0.2
+ KDE KDE 3.0.2
KDE Konqueror 3.0.1
+ KDE KDE 3.0.1
KDE Konqueror 3.0
+ KDE KDE 3.0
KDE Konqueror 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
KDE Konqueror 2.2.1
KDE Konqueror 2.1.2
KDE Konqueror 2.1.1

- Discussion

Konqueror is reported prone to a vulnerability that may allow a Web site to hijack the contents of a trusted window. This issue may allow a remote attacker to carry out phishing style attacks.

This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a pop up window from the trusted site that can be influenced by the attacker's site.

If successful, the contents of the target site's window can be spoofed resulting in phishing style attacks.

Konqueror 3.2.2-6 is reported vulnerable to this issue, however, it is possible that other versions are affected as well.

- Exploit

A proof of concept is available from the following location:

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

- Solution

KDE has released an advisory with patches for KDE 3.2.3 and 3.3.2. Please see the advisory in Web references for more information.

RedHat has released advisories FEDORA-2004-548, FEDORA-2004-549, FEDORA-2004-550, and FEDORA-2004-551 to address this issue in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Mandrake has released advisory MDKSA-2004:150 and fixes to address this issue. Please see the referenced advisory for further information.

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:

(For kdelibs)
emerge --sync
emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.2.3-r4"

(For kdebase)
emerge --sync
emerge --ask --oneshot --verbose ">=kde-base/kdebase-3.2.3-r3"

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Red Hat has released advisory RHSA-2005:009-19 to address issues in KDE. Please see the advisory in Web references for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.


SGI ProPack 3.0

KDE Konqueror 3.2.3

KDE Konqueror 3.3.2

- References

 

 
