KDE Konqueror Flaw Lets Remote Users Spoof the Address Bar
|
|
SecurityTracker Alert ID: 1018579 |
|
SecurityTracker URL: http://securitytracker.com/id/1018579
|
|
CVE Reference:
CVE-2007-4224, CVE-2007-4225
(Links to External Site)
|
Updated: Sep 14 2007
|
Original Entry Date: Aug 16 2007
|
Impact:
Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.5.7 and prior versions
|
Description:
A vulnerability was reported in KDE Konqueror. A remote user can spoof the address bar.
A remote user can create a specially crafted URL that includes embedded white spaces within the user/password portion of the URL. When the URL is loaded by the target user, the address bar may appear as if the browser is on a different page.
A remote web site can cause the target user's address bar to appear as if the browser has navigated to a different page.
Some demonstration exploits are available at:
http://alt.swiecki.net/konq2.html
http://alt.swiecki.net/konq3.html
Robert Swiecki reported this vulnerability.
|
Impact:
A remote user can spoof the address bar.
|
Solution:
The vendor has issued the following patches, available at:
ftp://ftp.kde.org/pub/kde/security_patches
For 3.5.7 and newer:
e15d6b5580c5a20ab935f8e553d113e0 post-3.5.7-kdebase-konqueror-2.diff
4c0fb2576875ded606f276421fc49752 post-3.5.7-kdelibs-kdecore-2.diff
For 3.4.2 and newer:
d9a07e8d9a138ef9da90b7af8e35d977 post-3.4.2-kdebase-konqueror.diff
On September 14, 2007, the above listed patches were released as part of an updated advisory, issued to replace the original advisory.
The new KDE advisory is available at:
http://www.kde.org/info/security/advisory-20070914-1.txt
The original KDE advisory is available at:
http://www.kde.org/info/security/advisory-20070816-1.txt
|
Vendor URL: www.kde.org/info/security/advisory-20070914-1.txt (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 16 Aug 2007 14:55:13 -0400
Subject: KDE Konqueror
|
KDE Security Advisory: konqueror address bar spoofing
Original Release Date: 2007-08-16
URL: http://www.kde.org/info/security/advisory-20070816-1.txt
0. References
CVE-2007-4224
CVE-2007-4225
CVE-2007-3820
1. Systems affected:
Konqueror as shipped with KDE up to including KDE 3.5.7.
2. Overview:
The Konqueror address bar is vulnerable to spoofing attacks
that are based on embedding white spaces in the url. In addition
the address bar could be tricked to show an URL which it is
intending to visit for a short amount of time instead of the
current URL.
3. Impact:
Malicious web sites could spoof another website's URL. The
attack is limited to the address bar, it does not affect
additional security measures, like for example the SSL certificate
validation.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patches for KDE 3.5.7 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :
944209ee05e2e64cf654ffbbac1711e7 post-3.5.7-kdelibs-kdecore.diff
e15d6b5580c5a20ab935f8e553d113e0 post-3.5.7-kdebase-konqueror.diff
|
|
