Vulnerabilities > CVE-2003-0370

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
kde
redhat
turbolinux
nessus

Summary

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-193.NASL
    descriptionUpdated KDE packages that resolve a vulnerability in KDE
    last seen2020-06-01
    modified2020-06-02
    plugin id12400
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12400
    titleRHEL 2.1 : kdelibs (RHSA-2003:193)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:193. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12400);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0370");
      script_xref(name:"RHSA", value:"2003:193");
    
      script_name(english:"RHEL 2.1 : kdelibs (RHSA-2003:193)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated KDE packages that resolve a vulnerability in KDE's SSL
    implementation are now available.
    
    KDE is a graphical desktop environment for the X Window System.
    
    KDE versions 2.2.2 and earlier have a vulnerability in their SSL
    implementation that makes it possible for users of Konqueror and other
    SSL enabled KDE software to fall victim to a man-in-the-middle attack.
    
    Users of KDE should upgrade to these erratum packages, which contain
    KDE 2.2.2 with a backported patch to correct this vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0370"
      );
      # http://www.kde.org/info/security/advisory-20030602-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20030602-1.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:193"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:193";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdelibs / kdelibs-devel / kdelibs-sound / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-361.NASL
    descriptionTwo vulnerabilities were discovered in kdelibs : - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the
    last seen2020-06-01
    modified2020-06-02
    plugin id15198
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15198
    titleDebian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-361. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15198);
      script_version("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0370", "CVE-2003-0459");
      script_bugtraq_id(7520, 8297);
      script_xref(name:"DSA", value:"361");
    
      script_name(english:"Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in kdelibs :
    
      - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier
        does not remove authentication credentials from URLs of
        the 'user:password@host' form in the HTTP-Referer
        header, which could allow remote web sites to steal the
        credentials for pages that link to the sites.
      - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and
        earlier does not validate the Common Name (CN) field for
        X.509 Certificates, which could allow remote attackers
        to spoof certificates via a man-in-the-middle attack.
    
    These vulnerabilities are described in the following security
    advisories from KDE :
    
      - 
      -"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-361"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the current stable distribution (woody) these problems have been
    fixed in version 2.2.2-13.woody.8 of kdelibs and 2.2.2-6woody2 of
    kdelibs-crypto.
    
    
    We recommend that you update your kdelibs and kdelibs-crypto packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdelibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdelibs-crypto");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kdelibs-dev", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"kdelibs3", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"kdelibs3-bin", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"kdelibs3-crypto", reference:"2.2.2-6woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"kdelibs3-cups", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"kdelibs3-doc", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libarts", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libarts-alsa", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libarts-dev", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libkmid", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libkmid-alsa", reference:"2.2.2-13.woody.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libkmid-dev", reference:"2.2.2-13.woody.8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Redhat

advisories
  • rhsa
    idRHSA-2003:192
  • rhsa
    idRHSA-2003:193