Test ID: | 1.3.6.1.4.1.25623.1.0.51647 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2005:065 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2005:065.

The kdelibs packages include libraries for the K Desktop Environment.

Two flaws were found in the sandbox environment used to run Java-applets in the Konqueror web browser. If a user has Java enabled in Konqueror and visits a malicious website, the website could run a carefully crafted Java-applet and obtain escalated privileges allowing reading and writing of arbitrary files with the privileges of the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1145 to this issue.

A flaw was discovered in the FTP kioslave. KDE applications such as Konqueror could be forced to execute arbitrary FTP commands via a carefully crafted ftp URL. The URL could also be crafted in such a way as to send an arbitrary email via SMTP. An attacker could make use of this flaw if a victim visits a malicious web site. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue.

Users should update to these erratum packages which contain backported patches to correct these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2005-065.html
http://www.kde.org/info/security/advisory-20041220-1.txt
http://www.kde.org/info/security/advisory-20050101-1.txt

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1145
Bugtraq: 20041220 KDE Security Advisory: Konqueror Java Vulnerability
http://marc.info/?l=bugtraq&m=110356286722875&w=2
CERT/CC vulnerability note: VU#420222
http://www.kb.cert.org/vuls/id/420222
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
http://www.redhat.com/support/errata/RHSA-2005-065.html
http://secunia.com/advisories/13586
XForce ISS Database: konqueror-sandbox-restriction-bypass(18596)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596

Common Vulnerability Exposure (CVE) ID: CVE-2004-1165
Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection
http://marc.info/?l=bugtraq&m=110245752232681&w=2
Debian Security Information: DSA-631
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645
http://www.redhat.com/support/errata/RHSA-2005-009.html
XForce ISS Database: web-browser-ftp-command-execution(18384)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |