KDE Konqueror Cross-Domain Frame Loading Vulnerability
2004-09-09 14:52:59 Marketing Dept

Vulnerability Name: KDE Konqueror Cross-Domain Frame Loading Vulnerability

Published Date: 2004-08-11
Updated Date: 2004-08-23
CVE Number: CAN-2004-0721
Bugtraq ID: 10921
Vulnerable:
Gentoo Linux 1.4
KDE KDE 3.1.3
KDE KDE 3.2
KDE Konqueror 2.1.1
KDE Konqueror 2.1.2
KDE Konqueror 2.2.1
KDE Konqueror 2.2.2
   + Debian Linux 3.0
   + Debian Linux 3.0 alpha
   + Debian Linux 3.0 arm
   + Debian Linux 3.0 hppa
   + Debian Linux 3.0 ia-32
   + Debian Linux 3.0 ia-64
   + Debian Linux 3.0 m68k
   + Debian Linux 3.0 mips
   + Debian Linux 3.0 mipsel
   + Debian Linux 3.0 ppc
   + Debian Linux 3.0 s/390
   + Debian Linux 3.0 sparc
   + RedHat Enterprise Linux AS 2.1
   + RedHat Enterprise Linux AS 2.1 IA64
   + RedHat Enterprise Linux ES 2.1
   + RedHat Enterprise Linux ES 2.1 IA64
   + RedHat Enterprise Linux WS 2.1
   + RedHat Enterprise Linux WS 2.1 IA64
   + RedHat Linux Advanced Work Station 2.1
   + Turbolinux Turbolinux Server 7.0
   + Turbolinux Turbolinux Server 8.0
   + Turbolinux Turbolinux Workstation 7.0
   + Turbolinux Turbolinux Workstation 8.0
KDE Konqueror 3.0
   + KDE KDE 3.0
KDE Konqueror 3.0.1
   + KDE KDE 3.0.1
KDE Konqueror 3.0.2
   + KDE KDE 3.0.2
KDE Konqueror 3.0.3
   + KDE KDE 3.0.3
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
   + MandrakeSoft Corporate Server 2.1
   + MandrakeSoft Linux Mandrake 9.0
KDE Konqueror 3.1
   + MandrakeSoft Linux Mandrake 9.1
   + MandrakeSoft Linux Mandrake 9.1 ppc
KDE Konqueror 3.1.1
   + KDE KDE 3.1.1
KDE Konqueror 3.1.2
   + KDE KDE 3.1.2
KDE Konqueror 3.1.3
KDE Konqueror 3.1.5
KDE Konqueror 3.2.1
KDE Konqueror 3.2.3
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
Not Vulnerable:

Description:
Konqueror is reported to be prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, an attacker may be able to render arbitrary HTML in that frame of the target site.

An attacker may exploit this vulnerability to spoof an interface of a trusted web site.

All versions of KDE up to KDE 3.2.3 are vulnerable to this issue.
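
The behaviour described above, as a simplified model added here (it is not KDE's patch or Konqueror code): frame lookup by name alone, next to the same lookup with a same-origin check. The window objects, origins, frame name and function names are constructed for illustration.

```javascript
// Simplified model of named-frame targeting across open browser windows.
// Origins, frame names and the policy shown are assumptions for illustration.

function makeWindow(origin, frameNames) {
  const frames = new Map();
  for (const name of frameNames) {
    // A frame initially shows content from the page that created it.
    frames.set(name, { ownerOrigin: origin, contentOrigin: origin });
  }
  return { origin, frames };
}

// Resolve a frame by name across every open window, as target="name" would.
function findFrame(openWindows, name) {
  for (const win of openWindows) {
    if (win.frames.has(name)) return win.frames.get(name);
  }
  return null;
}

// Vulnerable behaviour: knowing the frame name is enough to load into it.
function navigateUnchecked(openWindows, requesterOrigin, name) {
  const frame = findFrame(openWindows, name);
  if (!frame) return "new-window";
  frame.contentOrigin = requesterOrigin;
  return "loaded";
}

// Hardened behaviour: requester must share the origin of the frame's owner.
function navigateChecked(openWindows, requesterOrigin, name) {
  const frame = findFrame(openWindows, name);
  if (!frame) return "new-window";
  if (frame.ownerOrigin !== requesterOrigin) return "blocked";
  frame.contentOrigin = requesterOrigin;
  return "loaded";
}

// Constructed scenario: a trusted framed site and an unrelated site, both open.
function demo() {
  const open = () => [makeWindow("https://trusted.example", ["main"]),
                      makeWindow("https://other.example", [])];
  let wins = open();
  const unchecked = navigateUnchecked(wins, "https://other.example", "main");
  const spoofed = wins[0].frames.get("main").contentOrigin;
  wins = open();
  const checked = navigateChecked(wins, "https://other.example", "main");
  const intact = wins[0].frames.get("main").contentOrigin;
  const sameSite = navigateChecked(wins, "https://trusted.example", "main");
  return { unchecked, spoofed, checked, intact, sameSite };
}
console.log(demo());
```

In the unchecked case the trusted window keeps its own address while one of its frames shows another site's content, which is the interface spoofing the advisory describes.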

Vendor Status: Patches available.
Solution:
KDE Konqueror 3.0.5 b:
KDE Patch post-3.0.5b-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-htmlframes.patch
KDE Patch post-3.0.5b-kdebase-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdebase-htmlframes.patch
KDE KDE 3.1.3:
Mandrake Upgrade kdebase-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-common-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdecore4-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2
Mandrake Upgrade kdebase-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
Mandrake Upgrade lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.2/AMD64
KDE Konqueror 3.1.5:
KDE Patch post-3.1.5-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-htmlframes.patch
KDE Patch post-3.1.5-kdebase-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdebase-htmlframes.patch
KDE KDE 3.2:
Mandrake Upgrade libkdecore4-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0/AMD64
Mandrake Upgrade kdebase-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-common-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdebase-progs-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade kdelibs-common-3.2-36.3.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
Mandrake Upgrade libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 10.0
KDE Konqueror 3.2.3:
KDE Patch post-3.2.3-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
KDE Patch post-3.2.3-kdebase-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch


Editor: Marketing Dept
®2004 Information Security One (China) Ltd. All rights reserved