Bug 123232 - CAN-2004-0411 URI filtering vulnerability
Summary: CAN-2004-0411 URI filtering vulnerability
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kdelibs   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2004-05-14 16:16 UTC by Mark J. Cox
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-17 21:09:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:222 high SHIPPED_LIVE Important: kdelibs security update 2004-05-17 04:00:00 UTC

Description Mark J. Cox 2004-05-14 16:16:38 UTC
iDEFENSE identified a vulnerability in the Opera web browser that
could allow remote attackers to create or truncate arbitrary files.
The KDE team has found that a similar vulnerability also exists
in KDE.

A flaw in the telnet URL handler can allow options to be passed to the
telnet program allowing file creation or overwriting. An attacker
could create a carefully crafted link such that when opened by a
victim it creates or overwrites a file with the victim's permissions. 

A workaround to this issue is to remove the file:

Red Hat Enterprise Linux 2.1 users who have applied any previous
kdelib erratum are not vulnerable to this issue, as our updates
shipped without a telnet.protocol file.

Embargoed until May17

Comment 1 Mark J. Cox 2004-05-14 16:17:59 UTC
Additionally a flaw was found in the mailto: handler; this could allow
attackers to pass --display arguments to kmail in order to take
control of the victims machine.  This issue does affect RHEL2.1

Comment 2 Mark J. Cox 2004-05-17 11:36:08 UTC
Now public; removing embargo:


Comment 3 Mark J. Cox 2004-05-17 21:09:37 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.