CVE-2006-0019 - Remote Heap Overflow vulnerability in KDE KJS Encodeuri / Decodeuri

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Summary

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-050.NASL
    description: A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious website containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20756
    published: 2006-01-21
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20756
    title: Fedora Core 4 : kdelibs-3.5.0-0.4.fc4 (2006-050)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-245-1.NASL
    description: Maksim Orlovich discovered that kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking a user into visiting a website with malicious JavaScript code, a remote attacker could exploit this to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20792
    published: 2006-01-21
    reporter: Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20792
    title: Ubuntu 5.04 / 5.10 : kdelibs vulnerability (USN-245-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_003.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:003 (kdelibs3). Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20758
    published: 2006-01-21
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20758
    title: SUSE-SA:2006:003: kdelibs3
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-019.NASL
    description: A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site. The updated packages have been patched to correct this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20797
    published: 2006-01-22
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20797
    title: Mandrake Linux Security Advisory : kdelibs (MDKSA-2006:019)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-948.NASL
    description: Maksim Orlovich discovered that the kjs JavaScript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap-based buffer overflow and the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22814
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22814
    title: Debian DSA-948-1 : kdelibs - buffer overflow
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200601-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200601-11 (KDE kjs: URI heap overflow vulnerability). Maksim Orlovich discovered an incorrect bounds check in kjs when handling URIs. Impact: By enticing a user to load a specially crafted webpage containing malicious JavaScript, an attacker could execute arbitrary code with the rights of the user running kjs. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20798
    published: 2006-01-23
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20798
    title: GLSA-200601-11 : KDE kjs: URI heap overflow vulnerability
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0184.NASL
    description: Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment (KDE). A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious website containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. NOTE: this issue does not affect KDE in Red Hat Enterprise Linux 3 or 2.1. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue as well as two bug fixes.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21981
    published: 2006-07-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21981
    title: CentOS 4 : kdelibs (CESA-2006:0184)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0184.NASL
    description: Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment (KDE). A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious website containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. NOTE: this issue does not affect KDE in Red Hat Enterprise Linux 3 or 2.1. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue as well as two bug fixes.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20753
    published: 2006-01-20
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20753
    title: RHEL 4 : kdelibs (RHSA-2006:0184)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2006-045-05.NASL
    description: New kdelibs packages are available for Slackware 10.0, 10.1, and 10.2 to fix a security issue with kjs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20916
    published: 2006-02-15
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20916
    title: Slackware 10.0 / 10.1 / 10.2 : kdelibs (SSA:2006-045-05)

Oval

accepted: 2013-04-29T04:16:00.303-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
family: unix
id: oval:org.mitre.oval:def:11858
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
version: 26

Redhat

advisories
bugzilla
id: 178072
title: pwMutex destroy failure: Device or resource busy
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: kdelibs-devel is earlier than 6:3.3.1-3.14
          oval: oval:com.redhat.rhsa:tst:20060184001
        • comment: kdelibs-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060184002
      • AND
        • comment: kdelibs is earlier than 6:3.3.1-3.14
          oval: oval:com.redhat.rhsa:tst:20060184003
        • comment: kdelibs is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060184004
rhsa
id: RHSA-2006:0184
released: 2006-01-19
severity: Critical
title: RHSA-2006:0184: kdelibs security update (Critical)
rpms
  • kdelibs-6:3.3.1-3.14
  • kdelibs-debuginfo-6:3.3.1-3.14
  • kdelibs-devel-6:3.3.1-3.14