ISS X-Force Database: kde-url-handler-gain-access(16163): KDE URL handler allows attacker unauthorized access

KDE URL handler allows attacker unauthorized access

kde-url-handler-gain-access (16163)

High Risk

Description:

K Desktop Environment (KDE) could allow a remote attacker to gain unauthorized access on the system. By creating a specially-crafted Telnet, rlogin, SSH (Secure Shell) or mailto URL handler containing a dash (-) character prior to the hostname and followed by a command option, a remote attacker could create or overwrite files on the vulnerable system or gain unauthorized access to sensitive information, once the URL is clicked.

Platforms Affected:

Conectiva, Linux 8.0
Conectiva, Linux 9.0
Debian, Debian Linux 3.0
Gentoo, Linux
KDE, K Desktop Environment (KDE) 3.2.2 and prior
MandrakeSoft, Mandrake Linux 10.0 AMD64
MandrakeSoft, Mandrake Linux 10.0
MandrakeSoft, Mandrake Linux 9.2 AMD64
MandrakeSoft, Mandrake Linux 9.2
RedHat, Enterprise Linux 2.1 AW
RedHat, Enterprise Linux 2.1 WS
RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 2.1 ES
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 WS
RedHat, Linux Advanced Workstation 2.1 Itanium
Slackware, Slackware Linux 9.0
Slackware, Slackware Linux 9.1
Slackware, Slackware Linux current
SuSE, SuSE Linux 8.0
SuSE, SuSE Linux 8.1
SuSE, SuSE Linux 8.2
SuSE, SuSE Linux 9.0
SuSE, SuSE Linux 9.1
SuSE, SuSE Linux Connectivity Server
SuSE, SuSE Linux Database Server
SuSE, SuSE Linux Desktop 1.0
SuSE, SuSE Linux Enterprise Server 7.0
SuSE, SuSE Linux Office Server

Remedy:

Apply the appropriate patch for your system, as listed in KDE Security Advisory 2004-05-17. See References.

For Slackware Linux:
Upgrade to the latest kdelibs package, as listed below. Refer to slackware-security Mailing List, Tue, 18 May 2004 00:08:28 -0700 (PDT) for more information. See References.

Slackware Linux 9.0: 3.1.3a-i386-2 or later
Slackware Linux 9.1: 3.1.4-i486-2 or later
Slackware Linux -current: 3.2.2-i486-2 or later

For Red Hat Linux:
Upgrade to the latest kdelibs package, as listed below. Refer to RHSA-2004:222-11 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 2.2.2-11 or later

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 3.1.3-6.4.x86_64 or later

For Gentoo Linux:
Upgrade to the latest version of kdelibs (3.1.5-rl or 3.2.2-rl or later), as listed in GLSA 200405-11. See References.

For Conectiva Linux:
Upgrade to the latest kde package, as listed below. Refer to Conectiva Linux Security Advisory CLSA-2004:843 for more information. See References.

Conectiva Linux 8: 3.0.5b-1U80_3cl or later
Conectiva Linux 9: 3.1.5-28535U90_4cl or later

For SuSE Linux:
Upgrade to the latest kdelibs package, as listed below. Refer to SuSE Security Announcement SuSE-SuSE-SA:2003:014 for more information. See References.

SuSE Linux 9.1: 3.2.1-44.10 or later
SuSE Linux 9.0: 3.1.4-51 or later
SuSE Linux 8.2: 3.1.1-139 or later
SuSE Linux 8.1: 3.0.5-54 or later
SuSE Linux 8.0: 3.0-120 or later

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest kdelibs package (2.2.2-13.woody.10 or later), as listed in DSA-518-1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

CIAC Information Bulletin O-146, kdelibs Package Vulnerabilities at http://www.ciac.org/ciac/bulletins/o-146.shtml.
Conectiva Linux Security Advisory CLSA-2004:843, kde at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000843.
GLSA 200405-11, KDE URI Handler Vulnerabilities at http://www.linuxsecurity.com/content/view/106071/104/. (From LinuxSecurity Archive)
KDE Security Advisory 2004-05-17, URI Handler Vulnerabilities at http://www.kde.org/info/security/advisory-20040517-1.txt.
slackware-security Mailing List, Tue, 18 May 2004 00:08:28 -0700 (PDT), kdelibs (SSA:2004-238-01) at http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635.
BID-10358: KDE Multiple URI Handler Vulnerabilities
CVE-2004-0411: The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter - characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
DSA-518: kdelibs -- unsanitised input
GLSA-200405-11: KDE URI Handler Vulnerabilities
MDKSA-2004:047: Updated kdelibs packages fix URI handling vulnerabilities
OSVDB ID: 6107: Multiple Browser Telnet URI Handler File Manipulation
RHSA-2004-222: kdelibs security update
SA11602: Multiple Browsers Telnet URI Handler File Manipulation Vulnerability
SUSE-SA:2003:014: kdelibs: remote file creation

Reported:

May 17, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page