CVE-2004-1158 - Remote Window Hijacking vulnerability in KDE Konqueror
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Nessus
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-150.NASL
- description: Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CVE-2004-1171). Another vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CVE-2004-1158). The updated packages contain a patch from the KDE team to solve this issue. Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15981
- published: 2004-12-15
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15981
- title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:150.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(15981);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2004-0721", "CVE-2004-1158", "CVE-2004-1171");
  script_xref(name:"MDKSA", value:"2004:150");

  script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CVE-2004-1171).

Another vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CVE-2004-1158).

The updated packages contain a patch from the KDE team to solve this issue.

Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20040811-3.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20041209-1.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kcontrol-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kcontrol-nsplugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdeprintfax");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kdm-config-file");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-kmenuedit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-konsole");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-nsplugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdebase-progs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kate-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-kmenuedit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-konsole");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdebase4-nsplugins-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64qt3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64qt3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64qt3-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64qt3-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64qt3-psql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kate-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-kmenuedit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-konsole");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-nsplugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdebase4-nsplugins-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libqt3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libqt3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libqt3-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libqt3-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libqt3-psql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mandrakelinux-kde-config-file");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:qt3-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:qt3-example");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK10.0", reference:"kdebase-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-common-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kate-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kcontrol-data-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kdeprintfax-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kdm-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kdm-config-file-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-kmenuedit-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-konsole-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-nsplugins-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdebase-progs-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kdelibs-common-3.2-36.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-kate-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-kate-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-kmenuedit-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-konsole-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-nsplugins-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdebase4-nsplugins-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-3.2-36.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-devel-3.2-36.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64qt3-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64qt3-devel-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64qt3-mysql-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64qt3-odbc-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64qt3-psql-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-kate-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-kate-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-kmenuedit-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-konsole-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-nsplugins-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdebase4-nsplugins-devel-3.2-79.14.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-3.2-36.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-devel-3.2-36.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libqt3-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libqt3-devel-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libqt3-mysql-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libqt3-odbc-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libqt3-psql-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"mandrakelinux-kde-config-file-10.1-6.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"mandrakelinux-kde-config-file-10.1-6.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"qt3-common-3.2.3-19.6.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"qt3-example-3.2.3-19.6.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"kdebase-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-common-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kate-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kcontrol-data-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kcontrol-nsplugins-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kdeprintfax-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kdm-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kdm-config-file-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-kmenuedit-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-konsole-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-nsplugins-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdebase-progs-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"kdelibs-common-3.2.3-98.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-devel-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-kate-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-kate-devel-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-kmenuedit-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdebase4-konsole-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-3.2.3-98.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-devel-3.2.3-98.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-devel-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-kate-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-kate-devel-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-kmenuedit-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdebase4-konsole-3.2.3-134.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-3.2.3-98.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-devel-3.2.3-98.1.101mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-548.NASL
- description:
  - Tue Dec 14 2004 Than Ngo <than at redhat.com> 6:3.2.2-10.FC2
    - apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team
    - Security Advisory: plain text password exposure, #142487 thanks to KDE security team
  - Tue Sep 07 2004 Than Ngo <than at redhat.com> 6:3.2.2-9.FC2
    - add patch to fix KDE trash always full #122988

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15977
- published: 2004-12-15
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15977
- title: Fedora Core 2 : kdelibs-3.2.2-10.FC2 (2004-548)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-548.
#

include("compat.inc");

if (description)
{
  script_id(15977);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2004-548");

  script_name(english:"Fedora Core 2 : kdelibs-3.2.2-10.FC2 (2004-548)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Tue Dec 14 2004 Than Ngo <than at redhat.com> 6:3.2.2-10.FC2
 - apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team
 - Security Advisory: plain text password exposure, #142487 thanks to KDE security team
 - Tue Sep 07 2004 Than Ngo <than at redhat.com> 6:3.2.2-9.FC2
 - add patch to fix KDE trash always full #122988

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-December/000503.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f0094561"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC2", reference:"kdelibs-3.2.2-10.FC2")) flag++;
if (rpm_check(release:"FC2", reference:"kdelibs-debuginfo-3.2.2-10.FC2")) flag++;
if (rpm_check(release:"FC2", reference:"kdelibs-devel-3.2.2-10.FC2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-debuginfo / kdelibs-devel");
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-009.NASL
- description: Updated kdelib and kdebase packages that resolve several security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1158 to this issue. A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0078 to this issue. All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16366
- published: 2005-02-10
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/16366
- title: RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2005:009)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200412-16.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200412-16 (kdelibs, kdebase: Multiple vulnerabilities) Daniel Fabian discovered that the KDE core libraries contain a flaw allowing password disclosure by making a link to a remote file. When creating this link, the resulting URL contains authentication credentials used to access the remote file (CAN 2004-1171). The Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website (CAN-2004-1158). Impact : A malicious user could have access to the authentication credentials of other users depending on the file permissions. A malicious website could use the window injection vulnerability to load content in a window apparently belonging to another website. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16003
- published: 2004-12-19
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/16003
- title: GLSA-200412-16 : kdelibs, kdebase: Multiple vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-550.NASL
- description:
  - Tue Dec 14 2004 Than Ngo <than at redhat.com> 3.3.1-2.4.FC3
    - apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team
  - Fri Dec 10 2004 Than Ngo <than at redhat.com> 3.3.1-2.3.FC3
    - Security Advisory: plain text password exposure, #142487 thanks to KDE security team

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15979
- published: 2004-12-15
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15979
- title: Fedora Core 3 : kdelibs-3.3.1-2.4.FC3 (2004-550)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-551.NASL
- description:
  - Tue Dec 14 2004 Than Ngo <than at redhat.com> 6:3.3.1-4.3.FC3
    - apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team
  - Fri Dec 10 2004 Than Ngo <than at redhat.com> 6:3.3.1-4.2.FC3
    - Security Advisory: plain text password exposure, thanks to KDE security team
    - the existing icon is lost, add patch to fix this problem #140196
    - add patch to fix kfind hang on search #137582
    - rebuild against samba-3.0.9 #139894
    - add CVS patch to fix konqueror crash by dragging some text over the navigation panel
    - fix rpm conflict
    - apply patch number 86
    - add patch to fix man page problem konqueror, thanks to Andy Shevchenko

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15980
- published: 2004-12-15
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15980
- title: Fedora Core 3 : kdebase-3.3.1-4.3.FC3 (2004-551)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-549.NASL
- description:
  - Tue Dec 14 2004 Than Ngo <than at redhat.com> 3.2.2-8.FC2
    - apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team
    - Security Advisory: plain text password exposure, #142487 thanks to KDE security team
  - Tue Sep 28 2004 Than Ngo <than at redhat.com> 6:3.2.2-7.FC2
    - fix kdm autologin problem

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15978
- published: 2004-12-15
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15978
- title: Fedora Core 2 : kdebase-3.2.2-8.FC2 (2004-549)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_B09119856E2A11D99557000A95BC6FAE.NASL
- description: A Secunia Research advisory reports : Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19083
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19083
- title: FreeBSD : web browsers -- window injection vulnerabilities (b0911985-6e2a-11d9-9557-000a95bc6fae)

Oval
| Field | Value |
| --- | --- |
| accepted | 2013-04-29T04:11:09.761-04:00 |
| class | vulnerability |
| contributors | |
| definition_extensions | |
| description | Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |
| family | unix |
| id | oval:org.mitre.oval:def:11056 |
| status | accepted |
| submitted | 2010-07-09T03:56:16-04:00 |
| title | Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |
| version | 26 |

References
- http://marc.info/?l=bugtraq&m=110296048613575&w=2
- http://secunia.com/advisories/13254
- http://secunia.com/advisories/13477
- http://secunia.com/advisories/13486
- http://secunia.com/advisories/13560
- http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
- http://secunia.com/secunia_research/2004-13/advisory/
- http://www.kde.org/info/security/advisory-20041213-1.txt
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-009.html
- http://www.securityfocus.com/bid/11853
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11056