SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   KDE Konqueror Vendors:   KDE.org
(Gentoo Issues Fix) KDE Konqueror Java Bugs Let Remote Users Access Restricted Java Classes
SecurityTracker Alert ID:  1012843
SecurityTracker URL:  http://securitytracker.com/id/1012843
CVE Reference:   CVE-2004-1145   (Links to External Site)
Date:  Jan 12 2005
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.3.1 and prior versions
Description:   A vulnerability was reported in KDE Konqueror in the Java implementation. A remote user can bypass the Java sandbox security mechanism and can also gain access to certain restricted Java classes.

The vendor reported that a remote user can create JavaScript that, when loaded by the target user, will be able to bypass the Java sandbox security mechanisms and access restricted Java classes. Also, a remote user can create Java code that, when loaded by the target user, can access certain Java classes that it should not be able to access.

In both cases, the applet may be able to obtain elevated privileges to read and write files with the privileges of the target user.

The vendor was notified on November 24, 2004.

heise Security is credited with reporting this flaw.

A demonstration exploit check is available at:

http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

Impact:   A remote user can access to restricted Java classes to potentially read and write files on the target system with the privileges of the target user.
Solution:   Gentoo has released a fix and indicates that all kdelibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdelibs

Vendor URL:  www.kde.org/info/security/advisory-20041220-1.txt (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Dec 20 2004 KDE Konqueror Java Bugs Let Remote Users Access Restricted Java Classes



 Source Message Contents

Subject:  [gentoo-announce] [ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities


--nextPart1306589.PhzJq1KNSZ
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200501-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Konqueror: Java sandbox vulnerabilities
      Date: January 11, 2005
      Bugs: #72750
        ID: 200501-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Java sandbox environment in Konqueror can be bypassed to access
arbitrary packages, allowing untrusted Java applets to perform
unrestricted actions on the host system.

Background
==========

KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. Konqueror is the KDE web browser and file
manager.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdelibs       < 3.3.2                           >= 3.3.2

Description
===========

Konqueror contains two errors that allow JavaScript scripts and Java
applets to have access to restricted Java classes.

Impact
======

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command, or access any file with the
rights of the user running Konqueror.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

Note: There is currently no fixed stable version for sparc.

References
==========

  [ 1 ] KDE Security Advisory: Konqueror Java Vulnerability
        http://www.kde.org/info/security/advisory-20041220-1.txt
  [ 2 ] CAN 2004-1145
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200501-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--nextPart1306589.PhzJq1KNSZ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBB489RzKC5hMHO6rkRAuSsAJoDI5y2ErPLTdHMPpxEUtgAOdu16ACgkGWn
LCHYqz+dbJSjorVXN6ZdfO8=
=ALvq
-----END PGP SIGNATURE-----

--nextPart1306589.PhzJq1KNSZ--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC