Vulnerability Bulletins |
Acceso no autorizado a disco mediante Konqueror |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | KDE <= 3.3.1 |
Description |
|
|
Existe una vulnerabilidad en el navegador Konqueror mediante la cual un applet de java no confiable podría escalar privilegios mediante un JavaScript. La vulnerabilidad podría permitir leer y escribir archivos con los privilegios del usuario que ejecuta el applet. |
|
Solution |
|
|
Actualización de sodtware Mandrake Linux Mandrakelinux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/kdelibs-common-3.2-36.7.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdecore4-3.2-36.7.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkdecore4-devel-3.2-36.7.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/kdelibs-3.2-36.7.100mdk.src.rpm Mandrakelinux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/kdelibs-common-3.2-36.7.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64kdecore4-3.2-36.7.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.7.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/kdelibs-3.2-36.7.100mdk.src.rpm Mandrakelinux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/kdelibs-common-3.2.3-99.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdecore4-3.2.3-99.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkdecore4-devel-3.2.3-99.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/kdelibs-3.2.3-99.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/kdelibs-common-3.2.3-99.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdecore4-3.2.3-99.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-99.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/kdelibs-3.2.3-99.1.101mdk.src.rpm SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-1145 |
| BID | |
Other resources |
|
|
KDE Security Advisory: Konqueror Java Vulnerability http://www.kde.org/info/security/advisory-20041220-1.txt Mandrakesoft Security Advisories MDKSA-2004:154 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:154 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html Red Hat Security Advisory RHSA-2005:065-06 https://rhn.redhat.com/errata/RHSA-2005-065.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-12-23 |
| 1.1 | Aviso emitido por SUSE (SUSE-SR:2005:003) | 2005-02-07 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2005:065-06) | 2005-02-16 |