SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   KDE Konqueror Vendors:   KDE.org
KDE Konqueror FTP PASV Implementation Permits Port Scanning
SecurityTracker Alert ID:  1017801
SecurityTracker URL:  http://securitytracker.com/id/1017801
CVE Reference:   CVE-2007-1564   (Links to External Site)
Updated:  Mar 26 2007
Original Entry Date:  Mar 21 2007
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.5.6 and prior versions
Description:   A vulnerability was reported in KDE Konqueror. A remote user can cause Konqueror to conduct portscans.

In response to an FTP PASV command from the target user's Konqueror client, the remote connected FTP server can return a port number and different IP address, causing the Konqueror client to connect to the specified IP address and port number.

A remote user can create a specially crafted web page that, when loaded by the target user, will cause the target user's browser to connect to a malicious FTP server and then scan the ports specified by the malicious FTP server, including scanning systems that are on the target user's internal network.

Mark at bindshell.net reported this vulnerability.

The original advisory is available at:

http://bindshell.net/papers/ftppasv

Impact:   A remote user can cause Konqueror to conduct portscans.
Solution:   The vendor has issued the following patches:

Patch for KDE 3.5.x and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

62872147c2d369feb3d9077e9b32b03d CVE-2007-1564-kdelibs-3.5.6.diff

Patch for KDE 3.4.x and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

13535c902a6b3223005adfc1fccdd32f CVE-2007-1564-kdelibs-3.4.3.diff

The KDE advisory is available at:

http://www.kde.org/info/security/advisory-20070326-1.txt

Vendor URL:  www.kde.org/info/security/advisory-20070326-1.txt (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC