Boletines de Vulnerabilidades

int(1066)

Boletines de Vulnerabilidades

Vulnerabilidad de Inyección de Frames en Konqueror
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Confidencialidad
Dificultad	Experto
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio estandar
Información sobre el sistema
Propiedad	Valor
Fabricant afectat	GNU/Linux
Software afectado	KDE <=3.2.3
Descripción
Se ha descubierto una vulnerabilidad en la versión 3.2.3 y anteriores de Konqueror. La vulnerabilidad reside en que Konqueror permite a sitios Web cargar código en frames de otros sitios que el usuario haya abierto. La explotación de esta vulnerabilidad podría permitir a un atacante obtener información confidencial de una víctima mediante una página web especialmente diseñada que inyecte código en frames de sitios Web de la confianza del usuario.
Solución
Actualización de software KDE KDE 3.0.5b ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdebase-htmlframes.patch KDE 3.1.5 ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdebase-htmlframes.patch KDE 3.2.3 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch Red Hat Linux Red Hat Desktop (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 2.1) SRPMS kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm ia64 arts-2.2.2-13.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm ppc kdebase-3.1.3-5.4.ppc.rpm kdebase-devel-3.1.3-5.4.ppc.rpm kdelibs-3.1.3-6.6.ppc.rpm kdelibs-devel-3.1.3-6.6.ppc.rpm s390 kdebase-3.1.3-5.4.s390.rpm kdebase-devel-3.1.3-5.4.s390.rpm kdelibs-3.1.3-6.6.s390.rpm kdelibs-devel-3.1.3-6.6.s390.rpm s390x kdebase-3.1.3-5.4.s390x.rpm kdebase-devel-3.1.3-5.4.s390x.rpm kdelibs-3.1.3-6.6.s390x.rpm kdelibs-devel-3.1.3-6.6.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 2.1) SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm ia64 arts-2.2.2-13.ia64.rpm kdebase-2.2.2-12.ia64.rpm kdebase-devel-2.2.2-12.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm https://rhn.redhat.com/
Identificadores estándar
Propiedad	Valor
CVE	CAN-2004-0721
BID
Recursos adicionales
KDE Security Advisory http://www.kde.org/info/security/advisory-20040811-3.txt Red Hat Security Advisory RHSA-2004:412-10 https://rhn.redhat.com/errata/RHSA-2004-412.html

Histórico de versiones
Versión	Comentario	Data
1.0	Aviso emitido	2004-10-05

Boletines de Vulnerabilidades

Vulnerabilidad de Inyección de Frames en Konqueror

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones