|
Test Kennung: | 1.3.6.1.4.1.25623.1.0.50838 |
Kategorie: | Mandrake Local Security Checks |
Titel: | Mandrake Security Advisory MDKSA-2002:064 (kdelibs) |
Zusammenfassung: | Mandrake Security Advisory MDKSA-2002:064 (kdelibs) |
Beschreibung: | Description: The remote host is missing an update to kdelibs announced via advisory MDKSA-2002:064. A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work. Affected versions: 8.1, 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:064 http://www.kde.org/info/security/advisory-20020908-2.txt http://online.securityfocus.com/archive/1/290710/2002-09-03/2002-09-09/0 Risk factor : High |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 58962 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |
|