CVE-2006-3672
CVSS2.6
发布时间 :2006-07-18 11:47:00
修订时间 :2011-03-07 21:39:11
NMCOPS    

[原文]KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.


[CNNVD]KDE Konqueror ReplaceChild方法拒绝服务漏洞(CNNVD-200607-248)

        KDE Konqueror 3.5.1及之前版本可以使远程攻击者通过在DOM对象上调用replaceChild方法,触发空指针解引用,从而引起拒绝服务(应用程序崩溃)。比如调用带0(零)自变量的document.replaceChild。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:kde:konqueror:2.2.2
cpe:/a:kde:konqueror:3.0.5b
cpe:/a:kde:konqueror:3.1.1
cpe:/a:kde:konqueror:3.0
cpe:/a:kde:konqueror:3.2.2
cpe:/a:kde:konqueror:3.5.1
cpe:/a:kde:konqueror:3.1
cpe:/a:kde:konqueror:3.2.1
cpe:/a:kde:konqueror:3.1.4
cpe:/a:kde:konqueror:2.2.1
cpe:/a:kde:konqueror:3.3.1
cpe:/a:kde:konqueror:3.0.5
cpe:/a:kde:konqueror:3.1.5
cpe:/a:kde:konqueror:2.1.1
cpe:/a:kde:konqueror:3.0.1
cpe:/a:kde:konqueror:3.0.3
cpe:/a:kde:konqueror:3.1.2
cpe:/a:kde:konqueror:3.1.3
cpe:/a:kde:konqueror:3.3
cpe:/a:kde:konqueror:3.2.3
cpe:/a:kde:konqueror:3.3.2
cpe:/a:kde:konqueror:2.1.2
cpe:/a:kde:konqueror:3.0.2
cpe:/a:kde:konqueror:3.2.2.6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3672
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-248
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/27744
(UNKNOWN)  XF  konqueror-replacechild-dos(27744)
http://www.vupen.com/english/advisories/2006/2812
(UNKNOWN)  VUPEN  ADV-2006-2812
http://www.securityfocus.com/bid/18978
(UNKNOWN)  BID  18978
http://www.osvdb.org/27058
(UNKNOWN)  OSVDB  27058
http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html
(UNKNOWN)  MISC  http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html
http://www.ubuntu.com/usn/usn-322-1
(UNKNOWN)  UBUNTU  USN-322-1
http://www.mandriva.com/security/advisories?name=MDKSA-2006:130
(UNKNOWN)  MANDRIVA  MDKSA-2006:130

- 漏洞信息

KDE Konqueror ReplaceChild方法拒绝服务漏洞
低危 其他
2006-07-18 00:00:00 2006-07-20 00:00:00
远程  
        KDE Konqueror 3.5.1及之前版本可以使远程攻击者通过在DOM对象上调用replaceChild方法,触发空指针解引用,从而引起拒绝服务(应用程序崩溃)。比如调用带0(零)自变量的document.replaceChild。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        KDE kdelibs 3.5.2
        Ubuntu kdelibs-bin_3.5.2-0ubuntu18.1_amd64.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5. 2-0ubuntu18.1_amd64.deb
        Ubuntu kdelibs-bin_3.5.2-0ubuntu18.1_i386.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5. 2-0ubuntu18.1_i386.deb
        Ubuntu kdelibs-bin_3.5.2-0ubuntu18.1_powerpc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5. 2-0ubuntu18.1_powerpc.deb
        Ubuntu kdelibs-bin_3.5.2-0ubuntu18.1_sparc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5. 2-0ubuntu18.1_sparc.deb
        Ubuntu kdelibs-data_3.5.2-0ubuntu18.1_all.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5 .2-0ubuntu18.1_all.deb
        Ubuntu kdelibs-dbg_3.5.2-0ubuntu18.1_amd64.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5. 2-0ubuntu18.1_amd64.deb
        Ubuntu kdelibs-dbg_3.5.2-0ubuntu18.1_i386.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5. 2-0ubuntu18.1_i386.deb
        Ubuntu kdelibs-dbg_3.5.2-0ubuntu18.1_powerpc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5. 2-0ubuntu18.1_powerpc.deb
        Ubuntu kdelibs-dbg_3.5.2-0ubuntu18.1_sparc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5. 2-0ubuntu18.1_sparc.deb
        Ubuntu kdelibs_3.5.2-0ubuntu18.1_all.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0u buntu18.1_all.deb
        Ubuntu kdelibs4-dev_3.5.2-0ubuntu18.1_amd64.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5 .2-0ubuntu18.1_amd64.deb
        Ubuntu kdelibs4-dev_3.5.2-0ubuntu18.1_i386.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5 .2-0ubuntu18.1_i386.deb
        Ubuntu kdelibs4-dev_3.5.2-0ubuntu18.1_powerpc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5 .2-0ubuntu18.1_powerpc.deb
        Ubuntu kdelibs4-dev_3.5.2-0ubuntu18.1_sparc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5 .2-0ubuntu18.1_sparc.deb
        Ubuntu kdelibs4-doc_3.5.2-0ubuntu18.1_all.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5 .2-0ubuntu18.1_all.deb
        Ubuntu kdelibs4c2a_3.5.2-0ubuntu18.1_amd64.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5. 2-0ubuntu18.1_amd64.deb
        Ubuntu kdelibs4c2a_3.5.2-0ubuntu18.1_i386.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5. 2-0ubuntu18.1_i386.deb
        Ubuntu kdelibs4c2a_3.5.2-0ubuntu18.1_powerpc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5. 2-0ubuntu18.1_powerpc.deb
        Ubuntu kdelibs4c2a_3.5.2-0ubuntu18.1_sparc.deb
        Ubuntu 6.06 LTS:
        http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5. 2-0ubuntu18.1_sparc.deb
        

- 漏洞信息 (F48459)

Mandriva Linux Security Advisory 2006.130 (PacketStormID:F48459)
2006-07-24 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service
linux,mandriva
CVE-2006-3672
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:130
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdelibs
 Date    : July 20, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial 
 of service (application crash) by calling the replaceChild method on a 
 DOM object, which triggers a null dereference, as demonstrated by calling 
 document.replaceChild with a 0 (zero) argument.
 
 This issue does not affect Corporate 3.0.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 9c08048d1eae88a7b1969464d026383d  2006.0/RPMS/kdelibs-common-3.4.2-31.4.20060mdk.i586.rpm
 03181cb4ee659c54cde567e36bb8d0ee  2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.4.20060mdk.i586.rpm
 5a1e16d3e441004c80ced1a4537fa9a5  2006.0/RPMS/libkdecore4-3.4.2-31.4.20060mdk.i586.rpm
 2dfd44b73866f4a8551f9368553a1d44  2006.0/RPMS/libkdecore4-devel-3.4.2-31.4.20060mdk.i586.rpm
 76afd9e941b89499e0e3b4bf2045ffad  2006.0/SRPMS/kdelibs-3.4.2-31.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 5de19da9121964246ee06c9eab9ece91  x86_64/2006.0/RPMS/kdelibs-common-3.4.2-31.4.20060mdk.x86_64.rpm
 392daaeb1744ea56dfd6005c0ee1500a  x86_64/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.4.20060mdk.x86_64.rpm
 4a2b6d8f83f9d5d00b2272334ddf6f24  x86_64/2006.0/RPMS/lib64kdecore4-3.4.2-31.4.20060mdk.x86_64.rpm
 137d119a30a44a9abc4d221354883599  x86_64/2006.0/RPMS/lib64kdecore4-devel-3.4.2-31.4.20060mdk.x86_64.rpm
 5a1e16d3e441004c80ced1a4537fa9a5  x86_64/2006.0/RPMS/libkdecore4-3.4.2-31.4.20060mdk.i586.rpm
 2dfd44b73866f4a8551f9368553a1d44  x86_64/2006.0/RPMS/libkdecore4-devel-3.4.2-31.4.20060mdk.i586.rpm
 76afd9e941b89499e0e3b4bf2045ffad  x86_64/2006.0/SRPMS/kdelibs-3.4.2-31.4.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEv+5ymqjQ0CJFipgRAqSDAJ4ycbtCUKmCDqnVlOhdr3Ttm4CD1gCglwCr
1qShFrVNRkicIV7VRZfOmiY=
=WFx4
-----END PGP SIGNATURE-----

    

- 漏洞信息

27058
KDE Konqueror replaceChild() NULL Dereference
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public Vendor Verified

- 漏洞描述

KDE contains a flaw that may allow a remote denial of service. The issue is triggered when a DOM element uses the document.replaceChild() method with the parameter set to zero. This will result in loss of availability for the KDE browser due to a NULL dereference.

- 时间线

2006-07-13 Unknow
2006-07-14 Unknow

- 解决方案

Upgrade to version 3.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

KDE Konqueror ReplaceChild Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 18978
Yes No
2006-07-14 12:00:00 2006-09-06 11:18:00
This issue has been discovered by hdm.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
KDE Konqueror 3.5.1
KDE kdelibs 3.5.2
+ Gentoo Linux
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0

- 不受影响的程序版本

MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0

- 漏洞讨论

KDE Konqueror is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Konqueror, effectively denying service to legitimate users.

- 漏洞利用

A specific exploit is not required.

An example proof of concept has been provided:

- 解决方案

Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.

Please see the referenced advisories for details on obtaining updates.


KDE kdelibs 3.5.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站