Vulnerabilities > CVE-2002-1151 - Unspecified vulnerability in KDE and Konqueror
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| OS | 5 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-003.NASL description A security issue has been found in KDE. This errata provides updates which resolve these issues. KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and filenames before passing them to a command shell. This could allow remote attackers to execute arbitrary commands through carefully crafted URLs, filenames, or email addresses. Users of KDE are advised to install the updated packages which contain backported patches to correct this issue. Please note that for the Itanium (IA64) architecture only, this update also fixes several other vulnerabilities. Details concerning these vulnerabilities can be found in advisory RHSA-2002:221 and correspond to CVE names CVE-2002-0970, CVE-2002-1151, CVE-2002-1247, and CVE-2002-1306. last seen 2020-06-01 modified 2020-06-02 plugin id 12347 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12347 title RHEL 2.1 : kdelibs (RHSA-2003:003) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:003. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12347); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-1393"); script_xref(name:"RHSA", value:"2003:003"); script_name(english:"RHEL 2.1 : kdelibs (RHSA-2003:003)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security issue has been found in KDE. This errata provides updates which resolve these issues. KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and filenames before passing them to a command shell. This could allow remote attackers to execute arbitrary commands through carefully crafted URLs, filenames, or email addresses. Users of KDE are advised to install the updated packages which contain backported patches to correct this issue. Please note that for the Itanium (IA64) architecture only, this update also fixes several other vulnerabilities. Details concerning these vulnerabilities can be found in advisory RHSA-2002:221 and correspond to CVE names CVE-2002-0970, CVE-2002-1151, CVE-2002-1247, and CVE-2002-1306." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1393" ); # http://www.kde.org/info/security/advisory-20021220-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20021220-1.txt" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:003" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdebase-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegames"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdemultimedia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdemultimedia-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork-ppp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-cellphone"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdepim-pilot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdesdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdesdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdeutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/01/17"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:003"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdebase-devel-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegames-2.2.2-2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdegraphics-devel-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-6")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdemultimedia-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdemultimedia-devel-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-ppp-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-cellphone-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-devel-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdepim-pilot-2.2.2-4")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdesdk-2.2.2-2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdesdk-devel-2.2.2-2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdeutils-2.2.2-2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdebase / kdebase-devel / kdegames / kdegraphics / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-167.NASL description A cross site scripting problem has been discovered in Konqueror, a famous browser for KDE and other programs using KHTML. The KDE team reportsthat Konqueror last seen 2020-06-01 modified 2020-06-02 plugin id 15004 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15004 title Debian DSA-167-1 : kdelibs - XSS code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-167. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15004); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-1151"); script_xref(name:"DSA", value:"167"); script_name(english:"Debian DSA-167-1 : kdelibs - XSS"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A cross site scripting problem has been discovered in Konqueror, a famous browser for KDE and other programs using KHTML. The KDE team reportsthat Konqueror's cross site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, JavaScript is able to access any foreign subframe which is defined in the HTML source. Users of Konqueror and other KDE software that uses the KHTML rendering engine may become victim of a cookie stealing and other cross site scripting attacks." ); script_set_attribute( attribute:"see_also", value:"http://www.kde.org/info/security/advisory-20020908-2.txt" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-167" ); script_set_attribute( attribute:"solution", value: "Upgrade the kdelibs package and restart Konqueror. This problem has been fixed in version 2.2.2-13.woody.3 for the current stable distribution (woody) and in version 2.2.2-14 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it didn't ship KDE." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:Konquerer"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/09/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kdelibs-dev", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-bin", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-cups", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-doc", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libarts", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libarts-alsa", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libarts-dev", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libkmid", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libkmid-alsa", reference:"2.2.2-13.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"libkmid-dev", reference:"2.2.2-13.woody.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-064.NASL description A vulnerability was discovered in Konqueror last seen 2020-06-01 modified 2020-06-02 plugin id 13965 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13965 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:064) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:064. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13965); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-1151"); script_xref(name:"MDKSA", value:"2002:064"); script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:064)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, JavaScript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work." ); # http://web.archive.org/web/20080516203053/http://online.securityfocus.com/archive/1/290710/2002-09-03/2002-09-09/0 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b6505e34" ); script_set_attribute( attribute:"see_also", value:"http://www.kde.org/info/security/advisory-20020908-2.txt" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:arts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-sound"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libarts2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libarts2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"arts-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdelibs-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdelibs-devel-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdelibs-sound-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kdelibs-static-devel-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libarts2-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libarts2-devel-2.2.1-6.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"arts-2.2.2-49.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdelibs-2.2.2-49.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdelibs-devel-2.2.2-49.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kdelibs-sound-2.2.2-49.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libarts2-2.2.2-49.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libarts2-devel-2.2.2-49.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-221.NASL description A number of vulnerabilities have been found that affect various versions of KDE. This errata provides updates for these issues. KDE is a graphical desktop environment for workstations. A number of vulnerabilities have been found in various versions of KDE. The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. The Common Vulnerabilities and Exposures project has assigned the name CVE-2002-0970 to this issue. The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute scripts and steal cookies from subframes that are in other domains. (CVE-2002-1151) Multiple buffer overflows exist in the KDE LAN browsing implementation; the reslisa daemon contains a buffer overflow vulnerability which could be exploited if the reslisa binary is SUID root. Additionally, the lisa daemon contains a vulnerability which potentially enables any local user, as well any any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In Red Hat Linux reslisa is not SUID root and lisa services are not automatically started. (CVE-2002-1247, CVE-2002-1306) Red Hat Linux Advanced Server 2.1 provides KDE version 2.2.2 and is therefore vulnerable to these issues. This errata provides new kdelibs and kdenetworks packages which contain patches to correct these issues. Please note that there is are two additional vulnerabilities that affect KDE 2.x which are not fixed by this errata. A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a carefully crafted URL. (CVE-2002-1281). A similar vulnerability affects the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later. (CVE-2002-1282) At this time, Red Hat recommends disabling both the rlogin and telnet KIO protocols as a workaround. To disable both protocols, execute these commands while logged in as root : rm /usr/share/services/rlogin.protocol rm /usr/share/services/telnet.protocol last seen 2020-06-01 modified 2020-06-02 plugin id 12328 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12328 title RHEL 2.1 : kdelibs (RHSA-2002:221) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2002:221. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12328); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-0970", "CVE-2002-1151", "CVE-2002-1247", "CVE-2002-1306"); script_xref(name:"RHSA", value:"2002:221"); script_name(english:"RHEL 2.1 : kdelibs (RHSA-2002:221)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been found that affect various versions of KDE. This errata provides updates for these issues. KDE is a graphical desktop environment for workstations. A number of vulnerabilities have been found in various versions of KDE. The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. The Common Vulnerabilities and Exposures project has assigned the name CVE-2002-0970 to this issue. The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute scripts and steal cookies from subframes that are in other domains. (CVE-2002-1151) Multiple buffer overflows exist in the KDE LAN browsing implementation; the reslisa daemon contains a buffer overflow vulnerability which could be exploited if the reslisa binary is SUID root. Additionally, the lisa daemon contains a vulnerability which potentially enables any local user, as well any any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In Red Hat Linux reslisa is not SUID root and lisa services are not automatically started. (CVE-2002-1247, CVE-2002-1306) Red Hat Linux Advanced Server 2.1 provides KDE version 2.2.2 and is therefore vulnerable to these issues. This errata provides new kdelibs and kdenetworks packages which contain patches to correct these issues. Please note that there is are two additional vulnerabilities that affect KDE 2.x which are not fixed by this errata. A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a carefully crafted URL. (CVE-2002-1281). A similar vulnerability affects the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later. (CVE-2002-1282) At this time, Red Hat recommends disabling both the rlogin and telnet KIO protocols as a workaround. To disable both protocols, execute these commands while logged in as root : rm /usr/share/services/rlogin.protocol rm /usr/share/services/telnet.protocol" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0970" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1151" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1247" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1306" ); # http://marc.theaimsgroup.com/?l=bugtraq&m=102977530005148 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=102977530005148" ); # http://www.kde.org/info/security/advisory-20020908-2.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20020908-2.txt" ); # http://www.kde.org/info/security/advisory-20021111-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20021111-1.txt" ); # http://www.kde.org/info/security/advisory-20021111-2.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20021111-2.txt" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2002:221" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdenetwork-ppp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/24"); script_set_attribute(attribute:"patch_publication_date", value:"2002/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2002:221"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-2.2.2-2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdenetwork-ppp-2.2.2-2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdelibs / kdelibs-devel / kdelibs-sound / etc"); } }
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525
- http://marc.info/?l=bugtraq&m=103175850925395&w=2
- http://www.debian.org/security/2002/dsa-167
- http://www.iss.net/security_center/static/10039.php
- http://www.kde.org/info/security/advisory-20020908-2.txt
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
- http://www.osvdb.org/7867
- http://www.redhat.com/support/errata/RHSA-2002-220.html
- http://www.redhat.com/support/errata/RHSA-2002-221.html
- http://www.securityfocus.com/bid/5689