[UNIX] Konqueror Frame Injection Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 08/16/04

  • Next message: SecuriTeam: "[UNIX] Rsync Unauthorised Directory Traversal and File Access (clean_fname)" 
    To: list@securiteam.com
Date: 16 Aug 2004 11:53:14 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Konqueror Frame Injection Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    The Konqueror web browser allows websites to load web pages into a frame
    of any other frame-based web page that the user may have open.

    DETAILS

    Vulnerable Systems:
     * All versions of KDE up to KDE 3.2.3 inclusive

    CVE Information:
     <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721>
    CAN-2004-0721

    Impact:
    A malicious website could abuse Konqueror to insert its own frames into
    the page of an otherwise trusted website. As a result the user may
    unknowingly send confidential information intended for the trusted website
    to the malicious website.

    Solution:
    Source code patches have been made available which fix these
    vulnerabilities. Contact your OS vendor / binary package provider for
    information about how to obtain updated binary packages.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:bastian@kde.org> Waldo
    Bastian.
    The original article can be found at:
    <http://www.kde.org/info/security/advisory-20040811-3.txt>
    http://www.kde.org/info/security/advisory-20040811-3.txt

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] Rsync Unauthorised Directory Traversal and File Access (clean_fname)"

    Relevant Pages

    • [NEWS] Common DNS Misconfiguration can Lead to "same Site" Scripting
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... attack is trivial, for example, from a shared UNIX system, an attacker ... via) a machine that hosts another website, ... configurations for domains that host websites that rely on HTTP state ...
      (Securiteam)
    • [NEWS] Mozilla Firefox Certificate Spoofing
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * Mozilla Firefox version 0.9.1 ... First you direct the redirection Metatag to the website of which you want ... to spoof the certificate, then inside the tag you add OnUnload ...
      (Securiteam)
    • [NT] K-Meleon Frame Injection Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... K-Meleon is free, open source software released under the GNU General ... A malicious website could cause K-Meleon to insert its own frames into the ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The following exploit code utilizes a vulnerability in phpBB to cause ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] TinyWeb Server DoS Exploit
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)