ID de Prueba:	1.3.6.1.4.1.25623.1.0.50630
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:150 (kdelibs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdelibs announced via advisory MDKSA-2004:150. Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CVE-2004-1171). Another vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CVE-2004-1158). The updated packages contain a patch from the KDE team to solve this issue. Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package. Affected versions: 10.0, 10.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1171 http://www.kde.org/info/security/advisory-20041209-1.txt http://www.kde.org/info/security/advisory-20040811-3.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1171 BugTraq ID: 11866 http://www.securityfocus.com/bid/11866 Bugtraq: 20041129 Password Disclosure for SMB Shares in KDE's Konqueror (Google Search) http://marc.info/?l=bugtraq&m=110178786809694&w=2 Bugtraq: 20041209 KDE Security Advisory: plain text password exposure (Google Search) http://marc.info/?l=bugtraq&m=110261063201488&w=2 CERT/CC vulnerability note: VU#305294 http://www.kb.cert.org/vuls/id/305294 Computer Incident Advisory Center Bulletin: P-051 http://www.ciac.org/ciac/bulletins/p-051.shtml http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:150 http://www.sec-consult.com/index.php?id=118 http://www.osvdb.org/12248 http://securitytracker.com/id?1012471 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 XForce ISS Database: kde-smb-password-plaintext(18267) https://exchange.xforce.ibmcloud.com/vulnerabilities/18267 Common Vulnerability Exposure (CVE) ID: CVE-2004-1158 BugTraq ID: 11853 http://www.securityfocus.com/bid/11853 Bugtraq: 20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110296048613575&w=2 http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://secunia.com/secunia_research/2004-13/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11056 http://www.redhat.com/support/errata/RHSA-2005-009.html http://secunia.com/advisories/13254 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.