Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:009

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51607

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:009

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:009.

The kdelibs packages include libraries for the K Desktop Environment. The
kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability
affecting the Konqueror web browser. This issue could allow a malicious
website to show arbitrary content in a different browser window. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2004-1158
to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a)
characters before the FTP command. It is possible that a specially crafted
URL could be used to execute any ftp command on a remote server, or
potentially send unsolicited email. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local
circumstances. This could allow an attacker with physical access to the
workstation to take over a locked desktop session. Please note that this
issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities
and Exposures project has assigned the name CVE-2005-0078 to this issue.

All users of KDE are advised to upgrade to this updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-009.html
http://www.kde.org/info/security/advisory-20041213-1.txt
http://www.kde.org/info/security/advisory-20050101-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0078

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1158
BugTraq ID: 11853
http://www.securityfocus.com/bid/11853
Bugtraq: 20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110296048613575&w=2
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11056
http://www.redhat.com/support/errata/RHSA-2005-009.html
http://secunia.com/advisories/13254
http://secunia.com/advisories/13477
http://secunia.com/advisories/13486
http://secunia.com/advisories/13560
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
Common Vulnerability Exposure (CVE) ID: CVE-2004-1165
Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection (Google Search)
http://marc.info/?l=bugtraq&m=110245752232681&w=2
Debian Security Information: DSA-631 (Google Search)
http://www.debian.org/security/2005/dsa-631
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645
http://www.redhat.com/support/errata/RHSA-2005-065.html
XForce ISS Database: web-browser-ftp-command-execution(18384)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
Common Vulnerability Exposure (CVE) ID: CVE-2005-0078
Debian Security Information: DSA-660 (Google Search)
http://www.debian.org/security/2005/dsa-660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9260
XForce ISS Database: kdebase-screensaver-security-bypass(19084)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19084

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51607
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:009
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:009. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1158 to this issue. A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0078 to this issue. All users of KDE are advised to upgrade to this updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-009.html http://www.kde.org/info/security/advisory-20041213-1.txt http://www.kde.org/info/security/advisory-20050101-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0078 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1158 BugTraq ID: 11853 http://www.securityfocus.com/bid/11853 Bugtraq: 20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110296048613575&w=2 http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://secunia.com/secunia_research/2004-13/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11056 http://www.redhat.com/support/errata/RHSA-2005-009.html http://secunia.com/advisories/13254 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html Common Vulnerability Exposure (CVE) ID: CVE-2004-1165 Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection (Google Search) http://marc.info/?l=bugtraq&m=110245752232681&w=2 Debian Security Information: DSA-631 (Google Search) http://www.debian.org/security/2005/dsa-631 http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645 http://www.redhat.com/support/errata/RHSA-2005-065.html XForce ISS Database: web-browser-ftp-command-execution(18384) https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 Common Vulnerability Exposure (CVE) ID: CVE-2005-0078 Debian Security Information: DSA-660 (Google Search) http://www.debian.org/security/2005/dsa-660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9260 XForce ISS Database: kdebase-screensaver-security-bypass(19084) https://exchange.xforce.ibmcloud.com/vulnerabilities/19084
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com