Bug 123232 - CAN-2004-0411 URI filtering vulnerability
CAN-2004-0411 URI filtering vulnerability
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kdelibs (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-05-14 12:16 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-17 17:09:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2004-05-14 12:16:38 EDT
iDEFENSE identified a vulnerability in the Opera web browser that
could allow remote attackers to create or truncate arbitrary files.
The KDE team has found that a similar vulnerability also exists
in KDE.

A flaw in the telnet URL handler can allow options to be passed to the
telnet program allowing file creation or overwriting. An attacker
could create a carefully crafted link such that when opened by a
victim it creates or overwrites a file with the victim's permissions. 

A workaround to this issue is to remove the file:

Red Hat Enterprise Linux 2.1 users who have applied any previous
kdelib erratum are not vulnerable to this issue, as our updates
shipped without a telnet.protocol file.

Embargoed until May17
Comment 1 Mark J. Cox 2004-05-14 12:17:59 EDT
Additionally a flaw was found in the mailto: handler; this could allow
attackers to pass --display arguments to kmail in order to take
control of the victims machine.  This issue does affect RHEL2.1
Comment 2 Mark J. Cox 2004-05-17 07:36:08 EDT
Now public; removing embargo:

Comment 3 Mark J. Cox 2004-05-17 17:09:37 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.