Konqueror bypass sandbox restriction
konqueror-sandbox-restriction-bypass (18596)
Description:
Konqueror could allow a remote attacker to bypass sandbox restrictions because it does not properly restrict certain Java classes that are accessible via JavaScript and Java applets. If Java is enabled in the victim's Web browser, a remote attacker could create a Web page containing a malicious Java applet that, once the victim visits the page, allows the attacker to read and write arbitrary files with the user's privileges.
Platforms Affected:
- Gentoo, Linux
- KDE, KDE prior to 3.3.2
- MandrakeSoft, Mandrake Linux 10.0
- MandrakeSoft, Mandrake Linux 10.0 AMD64
- MandrakeSoft, Mandrake Linux 10.1 X86_64
- MandrakeSoft, Mandrake Linux 10.1
- RedHat, Enterprise Linux 4 WS
- RedHat, Enterprise Linux 4 ES
- RedHat, Enterprise Linux 4 Desktop
- RedHat, Enterprise Linux 4 AS
Remedy:
Upgrade to the latest version of KDE (3.3.2 or later), available from the KDE Web site. See References.
—OR—
For KDE 3.2.3:
Apply the kdelibs-khtml-java patch, available from the KDE Web site. See References.
For Mandrake Linux:
Upgrade to the kdelibs package as listed below. Refer to Mandrakesoft Security Advisory MDKSA-2004:154. See References.
Mandrake Linux 10.0: 3.2-36.7.100mdk or later
Mandrake Linux 10.0/AMD64: 3.2-36.7.100mdk or later
Mandrake Linux 10.1: 3.2.3-99.1.101mdk or later
Mandrake Linux 10.1/X86_64: 3.2.3-99.1.101mdk or later
For Red Hat Linux:
Refer to RHSA-2005:065-06 for patch, upgrade, or suggested workaround information. See References.
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-16 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Bypass Security
References:
- KDE Security Advisory 2004-12-20, Konqueror Java Vulnerability at http://www.kde.org/info/security/advisory-20041220-1.txt.
- KDE Web site, Getting KDE at http://kde.org/download/.
- BID-12046: KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabilities
- CVE-2004-1145: Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
- GLSA-200501-16: Konqueror: Java sandbox vulnerabilities
- MDKSA-2004:154: Updated kdelibs packages fix multiple vulnerability
- RHSA-2005-065: kdelibs security update
- SA13586: KDE Konqueror Java Sandbox Security Bypass Vulnerabilities
- SUSE-SR:2005:003: SUSE Security Summary Report
- US-CERT VU#420222: Konqueror fails to restrict access to Java classes
Reported:
Dec 20, 2004
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
