Vulnerabilities > CVE-2004-0746
Attack vector | UNKNOWN
Attack complexity | UNKNOWN
Privileges required | UNKNOWN
Confidentiality impact | UNKNOWN
Integrity impact | UNKNOWN
Availability impact | UNKNOWN
Summary
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 13 |
OS | | 7 |
OS | | 4 |
OS | | 2 |
OS | | 1 |
Nessus
NASL family | Slackware Local Security Checks
NASL id | SLACKWARE_SSA_2004-247-01.NASL
description | New kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18782
published | 2005-07-13
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/18782
title | Slackware 10.0 / 9.1 / current : kde (SSA:2004-247-01)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2004-293.NASL
description | Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14691
published | 2004-09-09
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14691
title | Fedora Core 2 : kdebase-3.2.2-6.FC2 (2004-293)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2004-412.NASL
description | Updated kdelib and kdebase packages that resolve multiple security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0746 to this issue. All users of KDE are advised to upgrade to these erratum packages, which contain backported patches from the KDE team for these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 15427
published | 2004-10-06
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/15427
title | RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2004:412)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2004-086.NASL
description | A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CVE-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CVE-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CVE-2004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CVE-2004-0746).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14335
published | 2004-08-22
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14335
title | Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2004-291.NASL
description | Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14689
published | 2004-09-09
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14689
title | Fedora Core 2 : kdelibs-3.2.2-8.FC2 (2004-291)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2004-290.NASL
description | Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0746 to this issue. All users of KDE are advised to upgrade to these erratum packages, which contain backported patches from the KDE team for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14688
published | 2004-09-09
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14688
title | Fedora Core 1 : kdelibs-3.1.4-7 (2004-290)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2004-292.NASL
description | Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 14690
published | 2004-09-09
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/14690
title | Fedora Core 1 : kdebase-3.1.4-7 (2004-292)

NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_2797B27AF55B11D881B0000347A4FA7D.NASL
description | According to a KDE Security Advisory : WESTPOINT internet reconnaissance services alerted the KDE security team that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. Websites operating under the affected domains can set HTTP cookies in such a way that the Konqueror web browser will send them to all other websites operating under the same domain. A malicious website can use this as part of a session fixation attack. See e.g. http://www.acros.si/papers/session_fixation.pdf Affected are all country specific secondary top level domains that use more than 2 characters in the secondary part of the domain name and that use a secondary part other than com, net, mil, org, gov, edu or int. Examples of affected domains are .ltd.uk, .plc.uk and .firm.in. It should be noted that popular domains such as .co.uk, .co.in and .com are NOT affected.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18877
published | 2005-07-13
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/18877
title | FreeBSD : kdelibs -- konqueror cross-domain cookie injection (2797b27a-f55b-11d8-81b0-000347a4fa7d)
Oval
accepted | 2013-04-29T04:12:53.708-04:00
class | vulnerability
contributors |
definition_extensions |
description | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
family | unix
id | oval:org.mitre.oval:def:11281
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
version | 26
Redhat
rpms |
References
- http://www.securityfocus.com/bid/10991
- http://www.kde.org/info/security/advisory-20040823-1.txt
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
- http://secunia.com/advisories/12341
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
- http://marc.info/?l=bugtraq&m=109327681304401&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281