CVE-2005-0237 - Unspecified vulnerability in KDE and Konqueror
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |

Summary
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 1 |
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2005_022.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2005:022 (kdelibs3). Several vulnerabilities have been identified and fixed in the KDE desktop environment.
  - A buffer overflow via specially crafted PCX pictures was fixed. This could lead to a remote attacker being able to execute code as the user opening or viewing a PCX image. This PCX image could have been embedded within a web page or Email. This affects SUSE Linux 9.1 up to 9.3, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9.
  - The IDN domain name cloaking problem was fixed. A remote website could disguise its name as another potentially trusted site by using an extension originally meant for non-ASCII domain names by using
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18014
- published: 2005-04-12
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18014
- title: SUSE-SA:2005:022: kdelibs3
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:022
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(18014);
 script_version ("1.11");
 script_cve_id("CVE-2005-0237", "CVE-2005-0396");

 name["english"] = "SUSE-SA:2005:022: kdelibs3";
 script_name(english:name["english"]);

 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2005:022 (kdelibs3).

Several vulnerabilities have been identified and fixed in the KDE
desktop environment.

- A buffer overflow via specially crafted PCX pictures was fixed.
This could lead to a remote attacker being able to execute code
as the user opening or viewing a PCX images. This PCX image could
have been embedded within a web page or Email.
This affects SUSE Linux 9.1 up to 9.3, SUSE Linux Enterprise Server
9 and Novell Linux Desktop 9.

- The IDN domain name cloaking problem was fixed.
A remote website could disguise its name as another potentially
trusted site by using a extension originally meant for non-ASCII
domain names by using 'homographs' which look exactly like other
letters.
The fix used by KDE is only use homographs for trusted domains.
It is disabled by default for the .net, .com and .org domains.
This issue exists in SUSE Linux 9.1 and 9.2, SUSE Linux Enterprise
Server 9 and Novell Linux Desktop 9. It has been assigned the
Mitre CVE ID CVE-2005-0233.

- A denial of service attack against the DCOP service was fixed.
A local user could cause another users KDE session to visible hang
by writing bad data to the world-writable DCOP socket. The socket
has been made writable only for the user itself.
This was found by Sebastian Krahmer of SUSE Security.
This affects all SUSE Linux versions, except SUSE Linux 9.3.
Updates for SUSE Linux up to 9.0 and SUSE Linux Enterprise Server 8
are not included for this minor issue. They will be included should
a later security update for different issues be necessary.
This is tracked by the Mitre CVE ID CVE-2005-0396.

Additionally following bug was fixed:
- A possible race in the DNS resolver causing unresolved hosts in
rare cases was fixed. This only affected SUSE Linux 9.3." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/advisories/2005_22_kdelibs3.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/12");
 script_cvs_date("Date: 2019/10/25 13:36:28");
 script_end_attributes();

 summary["english"] = "Check for the version of the kdelibs3 package";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");

# Compare the installed kdelibs3 package against the fixed build for each release.
if ( rpm_check( reference:"kdelibs3-3.2.1-44.46", release:"SUSE9.1") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"kdelibs3-3.3.0-34.5", release:"SUSE9.2") )
{
 security_warning(0);
 exit(0);
}
if ( rpm_check( reference:"kdelibs3-3.4.0-20.3", release:"SUSE9.3") )
{
 security_warning(0);
 exit(0);
}

# Package is present and no check above fired: record the CVEs in the knowledge base.
if (rpm_exists(rpm:"kdelibs3-", release:"SUSE9.1")
 ||
 rpm_exists(rpm:"kdelibs3-", release:"SUSE9.2")
 ||
 rpm_exists(rpm:"kdelibs3-", release:"SUSE9.3") )
{
 set_kb_item(name:"CVE-2005-0237", value:TRUE);
 set_kb_item(name:"CVE-2005-0396", value:TRUE);
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-325.NASL
- description: Updated kdelibs packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment. The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0237 to this issue. Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0396 to this issue. A flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames which could allow local users to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0365 to this issue. Users of KDE should upgrade to these erratum packages which contain backported patches to correct these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17625
- published: 2005-03-25
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/17625
- title: RHEL 4 : kdelibs (RHSA-2005:325)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:325. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17625);
  script_version ("1.26");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-0237", "CVE-2005-0365", "CVE-2005-0396");
  script_xref(name:"RHSA", value:"2005:325");

  script_name(english:"RHEL 4 : kdelibs (RHSA-2005:325)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated kdelibs packages that fix several security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment.

The International Domain Name (IDN) support in the Konqueror browser
allowed remote attackers to spoof domain names using punycode encoded
domain names. Such domain names are decoded in URLs and SSL
certificates in a way that uses homograph characters from other
character sets, which facilitates phishing attacks. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0237 to this issue.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon. A local user could use this flaw
to stall the DCOP authentication process, affecting any local desktop
users and causing a reduction in their desktop functionality. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0396 to this issue.

A flaw in the dcopidlng script was discovered. The dcopidlng script
would create temporary files with predictable filenames which could
allow local users to overwrite arbitrary files via a symlink attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0365 to this issue.

Users of KDE should upgrade to these erratum packages which contain
backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0237"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0396"
  );
  # http://www.kde.org/info/security/advisory-20050316-3.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20050316-3.txt"
  );
  # http://www.kde.org/info/security/advisory-20050316-2.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20050316-2.txt"
  );
  # http://www.kde.org/info/security/advisory-20050316-1.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20050316-1.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:325"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kdelibs and / or kdelibs-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Only run on Red Hat Enterprise Linux 4 hosts with local checks enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Prefer the yum updateinfo data when it was collected; otherwise compare rpm versions.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:325";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"kdelibs-3.3.1-3.6")) flag++;
  if (rpm_check(release:"RHEL4", reference:"kdelibs-devel-3.3.1-3.6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-devel");
  }
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-245.NASL
- description:
  - Wed Mar 23 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.9.FC3
    - Applied patch to fix konqueror international domain name spoofing, CVE-2005-0237, #147405
    - get rid of broken AltiVec instructions on ppc
  - Wed Mar 2 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.8.FC3
    - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092 thanks KDE security team
  - Wed Feb 16 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.7.FC3
    - Applied patch to fix dcopidlng insecure temporary file usage, CVE-2005-0365, #148823

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19631
- published: 2005-09-12
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19631
- title: Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2005-245.
#

include("compat.inc");

if (description)
{
  script_id(19631);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_cve_id("CVE-2005-0365");
  script_xref(name:"FEDORA", value:"2005-245");

  script_name(english:"Fedora Core 3 : kdelibs-3.3.1-2.9.FC3 (2005-245)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"  - Wed Mar 23 2005 Than Ngo <than at redhat.com>
    6:3.3.1-2.9.FC3

    - Applied patch to fix konqueror international domain
      name spoofing, CVE-2005-0237, #147405

    - get rid of broken AltiVec instructions on ppc

  - Wed Mar 2 2005 Than Ngo <than at redhat.com>
    6:3.3.1-2.8.FC3

    - Applied patch to fix DCOP DoS, CVE-2005-0396, #150092
      thanks KDE security team

  - Wed Feb 16 2005 Than Ngo <than at redhat.com>
    6:3.3.1-2.7.FC3

    - Applied patch to fix dcopidlng insecure temporary file
      usage, CVE-2005-0365, #148823

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2005-March/000793.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?52f23b2e"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Only run on Fedora Core 3 hosts with local checks enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# Compare each installed kdelibs package against the fixed FC3 build.
flag = 0;
if (rpm_check(release:"FC3", reference:"kdelibs-3.3.1-2.9.FC3")) flag++;
if (rpm_check(release:"FC3", reference:"kdelibs-debuginfo-3.3.1-2.9.FC3")) flag++;
if (rpm_check(release:"FC3", reference:"kdelibs-devel-3.3.1-2.9.FC3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs / kdelibs-debuginfo / kdelibs-devel");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2005-058.NASL
- description: A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Protocol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third-party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17346
- published: 2005-03-17
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/17346
- title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:058.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(17346);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2005-0233", "CVE-2005-0237", "CVE-2005-0365", "CVE-2005-0396");
  script_xref(name:"MDKSA", value:"2005:058");

  script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability in dcopserver was discovered by Sebastian Krahmer of
the SUSE security team. A local user can lock up the dcopserver of
other users on the same machine by stalling the DCOP authentication
process, causing a local Denial of Service. dcopserver is the KDE
Desktop Communication Procotol daemon (CVE-2005-0396).

As well, the IDN (International Domain Names) support in Konqueror is
vulnerable to a phishing technique known as a Homograph attack. This
attack is made possible due to IDN allowing a website to use a wide
range of international characters that have a strong resemblance to
other characters. This can be used to trick users into thinking they
are on a different trusted site when they are in fact on a site mocked
up to look legitimate using these other characters, known as
homographs. This can be used to trick users into providing personal
information to a site they think is trusted (CVE-2005-0237).

Finally, it was found that the dcopidlng script was vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files of a user when the script is run on behalf of that
user. However, this script is only used as part of the build process
of KDE itself and may also be used by the build processes of third-
party KDE applications (CVE-2005-0365).

The updated packages are patched to deal with these issues and
Mandrakesoft encourages all users to upgrade immediately."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20050316-1.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20050316-2.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20050316-3.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Only run on Mandrake hosts with local checks enabled and a supported CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Compare each installed package against the fixed build for its release and CPU.
flag = 0;
if (rpm_check(release:"MDK10.0", reference:"kdelibs-common-3.2-36.12.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-3.2-36.12.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64kdecore4-devel-3.2-36.12.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-3.2-36.12.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libkdecore4-devel-3.2-36.12.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"kdelibs-common-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64kdecore4-devel-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-3.2.3-104.2.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libkdecore4-devel-3.2.3-104.2.101mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

Oval
Field | Value |
---|---|
accepted | 2013-04-29T04:07:36.938-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
family | unix |
id | oval:org.mitre.oval:def:10671 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. |
version | 26 |
Redhat
Field | Value |
---|---|
advisories | |
rpms | |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
- http://secunia.com/advisories/14162
- http://www.kde.org/info/security/advisory-20050316-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
- http://www.redhat.com/support/errata/RHSA-2005-325.html
- http://www.securityfocus.com/archive/1/427976/100/0/threaded
- http://www.securityfocus.com/bid/12461
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671