 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.51647 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2005:065 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2005:065. The kdelibs packages include libraries for the K Desktop Environment. Two flaws were found in the sandbox environment used to run Java-applets in the Konqueror web browser. If a user has Java enabled in Konqueror and visits a malicious website, the website could run a carefully crafted Java-applet and obtain escalated privileges allowing reading and writing of arbitrary files with the privileges of the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1145 to this issue. A flaw was discovered in the FTP kioslave. KDE applications such as Konqueror could be forced to execute arbitrary FTP commands via a carefully crafted ftp URL. The URL could also be crafted in such a way as to send an arbitrary email via SMTP. An attacker could make use of this flaw if a victim visits a malicious web site. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-065.html http://www.kde.org/info/security/advisory-20041220-1.txt http://www.kde.org/info/security/advisory-20050101-1.txt Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1145 Bugtraq: 20041220 KDE Security Advisory: Konqueror Java Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110356286722875&w=2 CERT/CC vulnerability note: VU#420222 http://www.kb.cert.org/vuls/id/420222 http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:154 http://www.heise.de/security/dienste/browsercheck/tests/java.shtml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173 http://www.redhat.com/support/errata/RHSA-2005-065.html http://secunia.com/advisories/13586 XForce ISS Database: konqueror-sandbox-restriction-bypass(18596) https://exchange.xforce.ibmcloud.com/vulnerabilities/18596 Common Vulnerability Exposure (CVE) ID: CVE-2004-1165 Bugtraq: 20041205 7a69Adv#16 - Konqueror FTP command injection (Google Search) http://marc.info/?l=bugtraq&m=110245752232681&w=2 Debian Security Information: DSA-631 (Google Search) http://www.debian.org/security/2005/dsa-631 http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645 http://www.redhat.com/support/errata/RHSA-2005-009.html XForce ISS Database: web-browser-ftp-command-execution(18384) https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |