Vulnerability Bulletins |
Frame Injection Vulnerability in Konqueror |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Confidentiality |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | KDE <=3.2.3 |
Description |
|
A vulnerability has been discovered in Konqueror version 3.2.3 and earlier. Konqueror allows websites to load code into frames of other sites that the user has open. Exploiting this vulnerability could allow an attacker to obtain confidential information from a victim by means of a specially crafted web page that injects code into frames of websites the user trusts. |
|
Solution |
|
Software update

KDE
  KDE 3.0.5b
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-htmlframes.patch
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdebase-htmlframes.patch
  KDE 3.1.5
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-htmlframes.patch
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdebase-htmlframes.patch
  KDE 3.2.3
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
    ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch

Red Hat Linux
  Red Hat Desktop (v. 3)
    AMD64: kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm
    SRPMS: kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm
    i386: kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 2.1)
    SRPMS: kdelibs-2.2.2-13.src.rpm
    i386: arts-2.2.2-13.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm
    ia64: arts-2.2.2-13.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 3)
    AMD64: kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm
    SRPMS: kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm
    i386: kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm
    ia64: kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm
    ppc: kdebase-3.1.3-5.4.ppc.rpm kdebase-devel-3.1.3-5.4.ppc.rpm kdelibs-3.1.3-6.6.ppc.rpm kdelibs-devel-3.1.3-6.6.ppc.rpm
    s390: kdebase-3.1.3-5.4.s390.rpm kdebase-devel-3.1.3-5.4.s390.rpm kdelibs-3.1.3-6.6.s390.rpm kdelibs-devel-3.1.3-6.6.s390.rpm
    s390x: kdebase-3.1.3-5.4.s390x.rpm kdebase-devel-3.1.3-5.4.s390x.rpm kdelibs-3.1.3-6.6.s390x.rpm kdelibs-devel-3.1.3-6.6.s390x.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 2.1)
    SRPMS: kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm
    i386: arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 3)
    AMD64: kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm
    SRPMS: kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm
    i386: kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm
    ia64: kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 2.1)
    SRPMS: kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm
    i386: arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 3)
    AMD64: kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm
    SRPMS: kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm
    i386: kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm
    ia64: kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm
  Red Hat Linux Advanced Workstation 2.1 Itanium Processor
    SRPMS: kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm
    ia64: arts-2.2.2-13.ia64.rpm kdebase-2.2.2-12.ia64.rpm kdebase-devel-2.2.2-12.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm
    https://rhn.redhat.com/ |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2004-0721 |
BID | |
Additional resources |
|
KDE Security Advisory: http://www.kde.org/info/security/advisory-20040811-3.txt
Red Hat Security Advisory RHSA-2004:412-10: https://rhn.redhat.com/errata/RHSA-2004-412.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2004-10-05 |