Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58957
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0909
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0909.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes
certain HTML content. This could result in a malicious attacker presenting
misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation. A web page containing
malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are at a
different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0909.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0242
BugTraq ID: 23269
http://www.securityfocus.com/bid/23269
Debian Security Information: DSA-1292 (Google Search)
http://www.debian.org/security/2007/dsa-1292
http://fedoranews.org/updates/FEDORA-2007-703.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
http://www.redhat.com/support/errata/RHSA-2007-0883.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
RedHat Security Advisories: RHSA-2011:1324
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://secunia.com/advisories/24699
http://secunia.com/advisories/24705
http://secunia.com/advisories/24726
http://secunia.com/advisories/24727
http://secunia.com/advisories/24759
http://secunia.com/advisories/24797
http://secunia.com/advisories/24847
http://secunia.com/advisories/24889
http://secunia.com/advisories/25263
http://secunia.com/advisories/26804
http://secunia.com/advisories/26857
http://secunia.com/advisories/27108
http://secunia.com/advisories/27275
http://secunia.com/advisories/46117
SGI Security Advisory: 20070901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
SuSE Security Announcement: SUSE-SR:2007:006 (Google Search)
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.ubuntu.com/usn/usn-452-1
http://www.vupen.com/english/advisories/2007/1212
XForce ISS Database: qt-utf8-xss(33397)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
Common Vulnerability Exposure (CVE) ID: CVE-2007-0537
BugTraq ID: 22428
http://www.securityfocus.com/bid/22428
Bugtraq: 20070124 Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/457924/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:031
http://www.mandriva.com/security/advisories?name=MDKSA-2007:157
http://osvdb.org/32975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10244
http://securitytracker.com/id?1017591
http://secunia.com/advisories/23932
http://secunia.com/advisories/24013
http://secunia.com/advisories/24065
http://secunia.com/advisories/24442
http://secunia.com/advisories/24463
http://www.ubuntu.com/usn/usn-420-1
http://www.vupen.com/english/advisories/2007/0505
Common Vulnerability Exposure (CVE) ID: CVE-2007-1308
BugTraq ID: 22814
http://www.securityfocus.com/bid/22814
Bugtraq: 20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe (Google Search)
http://www.securityfocus.com/archive/1/461897/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:054
http://bindshell.net/advisories/konq355
http://bindshell.net/advisories/konq355/konq355-patch.diff
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551
http://securityreason.com/securityalert/2345
http://www.ubuntu.com/usn/usn-447-1
http://www.vupen.com/english/advisories/2007/0886
XForce ISS Database: konqueror-ftp-dos(32798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32798
Common Vulnerability Exposure (CVE) ID: CVE-2007-1564
BugTraq ID: 23091
http://www.securityfocus.com/bid/23091
http://www.mandriva.com/security/advisories?name=MDKSA-2007:072
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10646
http://securitytracker.com/id?1017801
http://www.vupen.com/english/advisories/2007/1076
Common Vulnerability Exposure (CVE) ID: CVE-2007-3820
BugTraq ID: 24912
http://www.securityfocus.com/bid/24912
BugTraq ID: 24918
http://www.securityfocus.com/bid/24918
Bugtraq: 20070713 Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473703/100/0/threaded
Bugtraq: 20070714 Re: Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473712/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://alt.swiecki.net/oper1.html
http://osvdb.org/37242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securitytracker.com/id?1018396
http://secunia.com/advisories/26091
http://secunia.com/advisories/26612
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27090
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://securityreason.com/securityalert/2905
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
XForce ISS Database: opera-konqueror-addressbar-spoofing(35430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
Common Vulnerability Exposure (CVE) ID: CVE-2007-4224
BugTraq ID: 25219
http://www.securityfocus.com/bid/25219
Bugtraq: 20070806 Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475689/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475731/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475730/100/0/threaded
Bugtraq: 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475763/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879
http://securitytracker.com/id?1018579
http://secunia.com/advisories/26351
http://secunia.com/advisories/26690
http://secunia.com/advisories/27271
http://securityreason.com/securityalert/2982
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.vupen.com/english/advisories/2007/2807
XForce ISS Database: konqueror-setinterval-spoofing(35828)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35828
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.