[Full-disclosure] [ GLSA 200601-11 ] KDE kjs: URI heap overflow vulnerability



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: KDE kjs: URI heap overflow vulnerability
Date: January 22, 2006
Bugs: #118550
ID: 200601-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KDE fails to properly validate URIs when handling JavaScript,
potentially resulting in the execution of arbitrary code.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. kjs is the JavaScript interpreter used in
Konqueror and other parts of KDE.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /   Vulnerable   /                  Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs       < 3.4.3-r1                     >= 3.4.3-r1

Description
===========

Maksim Orlovich discovered an incorrect bounds check in kjs when
handling URIs.

Impact
======

By enticing a user to load a specially crafted webpage containing
malicious JavaScript, an attacker could execute arbitrary code with the
rights of the user running kjs.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs-3.4.3-r1

References
==========

[ 1 ] CVE-2006-0019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
[ 2 ] KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
http://www.kde.org/info/security/advisory-20060119-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@xxxxxxxxxx or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

