Vulnerability Bulletins |
Vulnerabilidad de Inyección de Frames en Konqueror |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Confidencialidad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | KDE <=3.2.3 |
Description |
|
|
Se ha descubierto una vulnerabilidad en la versión 3.2.3 y anteriores de Konqueror. La vulnerabilidad reside en que Konqueror permite a sitios Web cargar código en frames de otros sitios que el usuario haya abierto. La explotación de esta vulnerabilidad podría permitir a un atacante obtener información confidencial de una víctima mediante una página web especialmente diseñada que inyecte código en frames de sitios Web de la confianza del usuario. |
|
Solution |
|
|
Actualización de software KDE KDE 3.0.5b ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdebase-htmlframes.patch KDE 3.1.5 ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdebase-htmlframes.patch KDE 3.2.3 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch Red Hat Linux Red Hat Desktop (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 2.1) SRPMS kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm ia64 arts-2.2.2-13.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm ppc kdebase-3.1.3-5.4.ppc.rpm kdebase-devel-3.1.3-5.4.ppc.rpm kdelibs-3.1.3-6.6.ppc.rpm kdelibs-devel-3.1.3-6.6.ppc.rpm s390 kdebase-3.1.3-5.4.s390.rpm kdebase-devel-3.1.3-5.4.s390.rpm kdelibs-3.1.3-6.6.s390.rpm kdelibs-devel-3.1.3-6.6.s390.rpm s390x kdebase-3.1.3-5.4.s390x.rpm kdebase-devel-3.1.3-5.4.s390x.rpm kdelibs-3.1.3-6.6.s390x.rpm kdelibs-devel-3.1.3-6.6.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 2.1) SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm i386 arts-2.2.2-13.i386.rpm kdebase-2.2.2-12.i386.rpm kdebase-devel-2.2.2-12.i386.rpm kdelibs-2.2.2-13.i386.rpm kdelibs-devel-2.2.2-13.i386.rpm kdelibs-sound-2.2.2-13.i386.rpm kdelibs-sound-devel-2.2.2-13.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 kdebase-3.1.3-5.4.x86_64.rpm kdebase-devel-3.1.3-5.4.x86_64.rpm kdelibs-3.1.3-6.6.x86_64.rpm kdelibs-devel-3.1.3-6.6.x86_64.rpm SRPMS kdebase-3.1.3-5.4.src.rpm kdelibs-3.1.3-6.6.src.rpm i386 kdebase-3.1.3-5.4.i386.rpm kdebase-devel-3.1.3-5.4.i386.rpm kdelibs-3.1.3-6.6.i386.rpm kdelibs-devel-3.1.3-6.6.i386.rpm ia64 kdebase-3.1.3-5.4.ia64.rpm kdebase-devel-3.1.3-5.4.ia64.rpm kdelibs-3.1.3-6.6.ia64.rpm kdelibs-devel-3.1.3-6.6.ia64.rpm Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS kdebase-2.2.2-12.src.rpm kdelibs-2.2.2-13.src.rpm ia64 arts-2.2.2-13.ia64.rpm kdebase-2.2.2-12.ia64.rpm kdebase-devel-2.2.2-12.ia64.rpm kdelibs-2.2.2-13.ia64.rpm kdelibs-devel-2.2.2-13.ia64.rpm kdelibs-sound-2.2.2-13.ia64.rpm kdelibs-sound-devel-2.2.2-13.ia64.rpm https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0721 |
| BID | |
Other resources |
|
|
KDE Security Advisory http://www.kde.org/info/security/advisory-20040811-3.txt Red Hat Security Advisory RHSA-2004:412-10 https://rhn.redhat.com/errata/RHSA-2004-412.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-10-05 |