Test ID:	1.3.6.1.4.1.25623.1.0.58956
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0905
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0905. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager. These updated packages address the following vulnerabilities: Kees Huijgen found a flaw in the way KDM handled logins when autologin and shutdown with password were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569) Two Konqueror address spoofing flaws were discovered. A malicious web site could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0905.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4569 1018724 http://securitytracker.com/id?1018724 25730 http://www.securityfocus.com/bid/25730 26894 http://secunia.com/advisories/26894 26904 http://secunia.com/advisories/26904 26915 http://secunia.com/advisories/26915 26929 http://secunia.com/advisories/26929 26977 http://secunia.com/advisories/26977 27089 http://secunia.com/advisories/27089 27096 http://secunia.com/advisories/27096 27106 http://secunia.com/advisories/27106 27180 http://secunia.com/advisories/27180 27271 http://secunia.com/advisories/27271 ADV-2007-3227 http://www.vupen.com/english/advisories/2007/3227 DSA-1376 http://www.debian.org/security/2007/dsa-1376 FEDORA-2007-2361 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html FEDORA-2007-716 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html GLSA-200710-15 http://security.gentoo.org/glsa/glsa-200710-15.xml MDKSA-2007:190 http://www.mandriva.com/security/advisories?name=MDKSA-2007:190 RHSA-2007:0905 http://www.redhat.com/support/errata/RHSA-2007-0905.html SUSE-SR:2007:021 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html USN-517-1 http://www.ubuntu.com/usn/usn-517-1 http://www.kde.org/info/security/advisory-20070919-1.txt https://issues.rpath.com/browse/RPL-1725 kde-kdm-login-security-bypass(36711) https://exchange.xforce.ibmcloud.com/vulnerabilities/36711 oval:org.mitre.oval:def:10359 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10359 Common Vulnerability Exposure (CVE) ID: CVE-2007-3820 BugTraq ID: 24912 http://www.securityfocus.com/bid/24912 BugTraq ID: 24918 http://www.securityfocus.com/bid/24918 Bugtraq: 20070713 Opera/Konqueror: data: URL scheme address bar spoofing (Google Search) http://www.securityfocus.com/archive/1/473703/100/0/threaded Bugtraq: 20070714 Re: Opera/Konqueror: data: URL scheme address bar spoofing (Google Search) http://www.securityfocus.com/archive/1/473712/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:176 http://alt.swiecki.net/oper1.html http://osvdb.org/37242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345 http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.securitytracker.com/id?1018396 http://secunia.com/advisories/26091 http://secunia.com/advisories/26612 http://secunia.com/advisories/26720 http://secunia.com/advisories/27090 http://secunia.com/advisories/27108 http://securityreason.com/securityalert/2905 http://www.ubuntu.com/usn/usn-502-1 http://www.vupen.com/english/advisories/2007/2538 XForce ISS Database: opera-konqueror-addressbar-spoofing(35430) https://exchange.xforce.ibmcloud.com/vulnerabilities/35430 Common Vulnerability Exposure (CVE) ID: CVE-2007-4224 BugTraq ID: 25219 http://www.securityfocus.com/bid/25219 Bugtraq: 20070806 Konqueror: URL address bar spoofing vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/475689/100/0/threaded Bugtraq: 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/475731/100/0/threaded Bugtraq: 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities (Google Search) http://www.securityfocus.com/archive/1/475730/100/0/threaded Bugtraq: 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/475763/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879 http://securitytracker.com/id?1018579 http://secunia.com/advisories/26351 http://secunia.com/advisories/26690 http://securityreason.com/securityalert/2982 SuSE Security Announcement: SUSE-SR:2007:021 (Google Search) http://www.vupen.com/english/advisories/2007/2807 XForce ISS Database: konqueror-setinterval-spoofing(35828) https://exchange.xforce.ibmcloud.com/vulnerabilities/35828
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.