Vulnerabilities > CVE-2004-1165 - Unspecified vulnerability in KDE Kdelibs and Konqueror
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Exploit-Db
| description | KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability. CVE-2004-1165. Remote exploit for linux platform |
| id | EDB-ID:24801 |
| last seen | 2016-02-03 |
| modified | 2004-12-06 |
| published | 2004-12-06 |
| reporter | Albert Puigsech Galicia |
| source | https://www.exploit-db.com/download/24801/ |
| title | KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200501-18.NASL description The remote host is affected by the vulnerability described in GLSA-200501-18 (KDE FTP KIOslave: Command injection) The FTP KIOslave fails to properly parse URL-encoded newline characters. Impact : An attacker could exploit this to execute arbitrary FTP commands on the server and due to similiarities between the FTP and the SMTP protocol, this vulnerability also allows an attacker to connect to a SMTP server and issue arbitrary commands, for example sending an email. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16409 published 2005-02-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16409 title GLSA-200501-18 : KDE FTP KIOslave: Command injection code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200501-18. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(16409); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2004-1165"); script_xref(name:"GLSA", value:"200501-18"); script_name(english:"GLSA-200501-18 : KDE FTP KIOslave: Command injection"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200501-18 (KDE FTP KIOslave: Command injection) The FTP KIOslave fails to properly parse URL-encoded newline characters. Impact : An attacker could exploit this to execute arbitrary FTP commands on the server and due to similiarities between the FTP and the SMTP protocol, this vulnerability also allows an attacker to connect to a SMTP server and issue arbitrary commands, for example sending an email. Workaround : There is no known workaround at this time." ); # http://www.kde.org/info/security/advisory-20050101-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20050101-1.txt" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200501-18" ); script_set_attribute( attribute:"solution", value: "All kdelibs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose kde-base/kdelibs" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"kde-base/kdelibs", unaffected:make_list("ge 3.3.2-r2", "rge 3.2.3-r5"), vulnerable:make_list("lt 3.3.2-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "KDE FTP KIOslave"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_832E9D755BFC11D9A9E70001020EED82.NASL description Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to a FTP command injection vulnerability which can be exploited by tricking an user into clicking a specially crafted FTP URI. It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to tricking a client into sending out emails without user interaction. last seen 2020-06-01 modified 2020-06-02 plugin id 19008 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19008 title FreeBSD : kdelibs3 -- konqueror FTP command injection vulnerability (832e9d75-5bfc-11d9-a9e7-0001020eed82) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(19008); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2004-1165"); script_bugtraq_id(11827); script_name(english:"FreeBSD : kdelibs3 -- konqueror FTP command injection vulnerability (832e9d75-5bfc-11d9-a9e7-0001020eed82)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to a FTP command injection vulnerability which can be exploited by tricking an user into clicking a specially crafted FTP URI. It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to tricking a client into sending out emails without user interaction." ); # http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=110245752232681" ); # http://marc.theaimsgroup.com/?l=full-disclosure&m=110387390226693 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=full-disclosure&m=110387390226693" ); # http://marc.theaimsgroup.com/?l=full-disclosure&m=110390734925183 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=full-disclosure&m=110390734925183" ); # http://www.kde.org/info/security/advisory-20050101-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20050101-1.txt" ); # https://vuxml.freebsd.org/freebsd/832e9d75-5bfc-11d9-a9e7-0001020eed82.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f7c33164" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:kdelibs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/01"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"ja-kdelibs<3.3.2_2")) flag++; if (pkg_test(save_report:TRUE, pkg:"kdelibs<3.3.2_2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-065.NASL description Updated kdelibs packages that resolve security issues in Konqueror are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages include libraries for the K Desktop Environment. Two flaws were found in the sandbox environment used to run Java-applets in the Konqueror web browser. If a user has Java enabled in Konqueror and visits a malicious website, the website could run a carefully crafted Java-applet and obtain escalated privileges allowing reading and writing of arbitrary files with the privileges of the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1145 to this issue. A flaw was discovered in the FTP kioslave. KDE applications such as Konqueror could be forced to execute arbitrary FTP commands via a carefully crafted ftp URL. The URL could also be crafted in such a way as to send an arbitrary email via SMTP. An attacker could make use of this flaw if a victim visits a malicious website. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17177 published 2005-02-22 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17177 title RHEL 4 : kdelibs (RHSA-2005:065) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-631.NASL description Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command. last seen 2020-06-01 modified 2020-06-02 plugin id 16128 published 2005-01-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16128 title Debian DSA-631-1 : kdelibs - unsanitised input NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-009.NASL description Updated kdelib and kdebase packages that resolve several security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1158 to this issue. A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue. A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0078 to this issue. All users of KDE are advised to upgrade to this updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16366 published 2005-02-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16366 title RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2005:009) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-160.NASL description A vulnerability in the Konqueror web browser was discovered that would allow a malicious web site to take advantage of a flaw in kio_ftp to send email messages without user interaction. The updated packages are patched to correct the problem. last seen 2020-06-01 modified 2020-06-02 plugin id 16077 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16077 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:160) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-045.NASL description A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email. As well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner. The updated packages are patched to deal with these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17140 published 2005-02-18 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17140 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)
Oval
| accepted | 2013-04-29T04:21:00.881-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9645 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://marc.info/?l=bugtraq&m=110245752232681&w=2
- http://www.debian.org/security/2005/dsa-631
- http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
- http://www.redhat.com/support/errata/RHSA-2005-009.html
- http://www.redhat.com/support/errata/RHSA-2005-065.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18384
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645