Test ID:	1.3.6.1.4.1.25623.1.0.59134
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-447-1 (kdelibs)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kdelibs announced via advisory USN-447-1. A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. (CVE-2007-1308) A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure. (CVE-2007-1564) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: kdelibs4c2 4:3.4.3-0ubuntu2.3 Ubuntu 6.06 LTS: kdelibs4c2a 4:3.5.2-0ubuntu18.3 Ubuntu 6.10: kdelibs4c2a 4:3.5.5-0ubuntu3.1.1 After a standard system upgrade you need to restart your session or reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-447-1 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1308 BugTraq ID: 22814 http://www.securityfocus.com/bid/22814 Bugtraq: 20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe (Google Search) http://www.securityfocus.com/archive/1/461897/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:054 http://bindshell.net/advisories/konq355 http://bindshell.net/advisories/konq355/konq355-patch.diff https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551 http://www.redhat.com/support/errata/RHSA-2007-0909.html http://secunia.com/advisories/27108 http://securityreason.com/securityalert/2345 http://www.ubuntu.com/usn/usn-447-1 http://www.vupen.com/english/advisories/2007/0886 XForce ISS Database: konqueror-ftp-dos(32798) https://exchange.xforce.ibmcloud.com/vulnerabilities/32798 Common Vulnerability Exposure (CVE) ID: CVE-2007-1564 BugTraq ID: 23091 http://www.securityfocus.com/bid/23091 http://www.mandriva.com/security/advisories?name=MDKSA-2007:072 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10646 http://securitytracker.com/id?1017801 http://secunia.com/advisories/24889 SuSE Security Announcement: SUSE-SR:2007:006 (Google Search) http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.vupen.com/english/advisories/2007/1076
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.