Red Hat Bugzilla – Bug 123232
CAN-2004-0411 URI filtering vulnerability
Last modified: 2007-11-30 17:07:01 EST
iDEFENSE identified a vulnerability in the Opera web browser that
could allow remote attackers to create or truncate arbitrary files.
The KDE team has found that a similar vulnerability also exists
A flaw in the telnet URL handler can allow options to be passed to the
telnet program allowing file creation or overwriting. An attacker
could create a carefully crafted link such that when opened by a
victim it creates or overwrites a file with the victim's permissions.
A workaround to this issue is to remove the file:
Red Hat Enterprise Linux 2.1 users who have applied any previous
kdelib erratum are not vulnerable to this issue, as our updates
shipped without a telnet.protocol file.
Embargoed until May 17
Additionally, a flaw was found in the mailto: handler; this could allow
attackers to pass --display arguments to kmail in order to take
control of the victim's machine. This issue does affect RHEL2.1.
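One way a URL handler can guard against the option-passing problem described above for telnet: URLs, as an added example that is not part of the bug report or of KDE's or Red Hat's code. The function names, the hostname rule and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Hostname allowlist: the first character must be alphanumeric, so the value
# can never begin with "-" and be parsed by telnet as an option.
# (IPv6 literals are rejected too; this sketch keeps the rule simple.)
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def naive_argv(url):
    """Unchecked handler: whatever sits in the host position reaches argv."""
    return ["telnet", urlsplit(url).hostname or ""]


def telnet_argv(url):
    """Return argv for a telnet: URL, or None if the URL must not be launched."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "telnet":
        return None
    # Decode percent-escapes before checking: "%2D" becomes "-".
    host = unquote(parts.hostname or "")
    if not HOST_RE.fullmatch(host):
        return None
    argv = ["telnet", host]
    if port is not None:
        argv.append(str(port))
    return argv  # pass as a list to subprocess.run(argv); never through a shell


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the bug report.
    for url in ("telnet://host.example:2323/", "telnet://-xexample/",
                "telnet://%2Dxexample/"):
        print(url, "naive:", naive_argv(url), "checked:", telnet_argv(url))
```

The same rule, refusing any URL-derived value that begins with "-", applies to the address handed to a mail client by a mailto: handler.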
Now public; removing embargo:
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.