FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0411

This CVE name corresponds to:

Entered Topic
2004-05-18 URI handler vulnerabilities in several browsers

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0411 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0411
Phase Assigned(20040416)

Description

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

References

Source Reference
BUGTRAQ 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
BUGTRAQ 20040517 KDE Security Advisory: URI Handler Vulnerabilities
CONFIRM http://www.kde.org/info/security/advisory-20040517-1.txt
CONECTIVA CLA-2004:843
DEBIAN DSA-518
FEDORA FEDORA-2004-121
FEDORA FEDORA-2004-122
GENTOO GLSA-200405-11
REDHAT RHSA-2004:222
SUSE SuSE-SA:2003:014
SLACKWARE SSA:2004-238
CIAC O-146
BID 10358
OSVDB 6107
OVAL oval:org.mitre.oval:def:954
SECUNIA 11602
XF kde-url-handler-gain-access(16163)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.