ID CVE-2004-0411
Summary The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:konqueror:3.2.2
  • cpe:2.3:a:opera_software:opera_web_browser:9.10
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DF333EDEA8CE11D89C6D0020ED76EF5A.NASL
    description Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration. After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 37850
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37850
    title FreeBSD : URI handler vulnerabilities in several browsers (df333ede-a8ce-11d8-9c6d-0020ed76ef5a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-122.NASL
    description iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victim's home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13700
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13700
    title Fedora Core 2 : kdelibs-3.2.2-6 (2004-122)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-11 (KDE URI Handler Vulnerabilities). The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed. By crafting a malicious URI and enticing a user to click on it, it is possible to pass an option to the programs started by the handlers (typically telnet, kmail...). Impact: If the attacker controls the options passed to the URI handling programs, it becomes possible for example to overwrite arbitrary files (possibly leading to denial of service), to open kmail on an attacker-controlled remote display or with an alternate configuration file (possibly leading to control of the user account). Workaround: There is no known workaround at this time. All users are advised to upgrade to a corrected version of kdelibs.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 14497
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14497
    title GLSA-200405-11 : KDE URI Handler Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-518.NASL
    description iDEFENSE identified a vulnerability in the Opera web browser that could be used by remote attackers to create or truncate arbitrary files on the victim's machine. The KDE team discovered that a similar vulnerability exists in KDE. A remote attacker could entice a user to open a carefully crafted telnet URI which may either create or truncate a file in the victim's home directory. In KDE 3.2 and later versions the user is first explicitly asked to confirm the opening of the telnet URI.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15355
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15355
    title Debian DSA-518-1 : kdelibs - unsanitised input
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2003_014.NASL
    description The remote host is missing the patch for the advisory SuSE-SA:2003:014 (kdelibs/kdelibs3). The kdelibs3 (kdelibs for SLES7 based products) package is a core package for the K desktop environment (KDE). The URI handler of the kdelibs3 and kdelibs class library contains a flaw which allows remote attackers to create arbitrary files as the user utilizing the kdelibs3/kdelibs package. Affected are applications which use the kdelibs3/kdelibs URI handler such as Konqueror or Kmail. The original KDE advisory can be found at http://www.kde.org/info/security/advisory-20040517-1.html Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 13785
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13785
    title SuSE-SA:2003:014: kdelibs/kdelibs3
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_URI_VULNS.NASL
    description The following package needs to be updated: kdelibs
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12620
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12620
    title FreeBSD : URI handler vulnerabilities in several browsers (197)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-238-01.NASL
    description New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling.
    last seen 2018-09-02
    modified 2013-06-01
    plugin id 18753
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18753
    title Slackware 9.0 / 9.1 / current : kdelibs (SSA:2004-238-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-121.NASL
    description iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victim's home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13699
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13699
    title Fedora Core 1 : kdelibs-3.1.4-5 (2004-121)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-222.NASL
    description Updated kdelibs packages that fix telnet URI handler and mailto URI handler file vulnerabilities are now available. The kdelibs packages include libraries for the K Desktop Environment. KDE Libraries include: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (JavaScript), kab (addressbook), kimgio (image manipulation). Konqueror is a file manager and Web browser for the K Desktop Environment (KDE). iDEFENSE identified a vulnerability in the Opera web browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found two similar vulnerabilities that also exist in KDE. A flaw in the telnet URI handler may allow options to be passed to the telnet program, resulting in creation or replacement of files. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file with the victim's permissions. A flaw in the mailto URI handler may allow options to be passed to the kmail program. These options could cause kmail to write to the file system or to run on a remote X display. An attacker could create a carefully crafted link in such a way that access may be obtained to run arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0411 to these issues. Note: Red Hat Enterprise Linux 2.1 is only vulnerable to the mailto URI flaw as a previous update shipped without a telnet.protocol file. All users of KDE are advised to upgrade to these erratum packages, which contain a backported patch for these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12499
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12499
    title RHEL 2.1 / 3 : kdelibs (RHSA-2004:222)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-047.NASL
    description A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files. The updated packages contain patches provided by the KDE team to fix this problem.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14146
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14146
    title Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:047)
oval via4
accepted 2007-04-25T19:53:10.684-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
family unix
id oval:org.mitre.oval:def:954
status accepted
submitted 2004-05-19T12:00:00.000-04:00
title Konqueror URI Handler "-" Filter Vulnerability
version 34
redhat via4
advisories
rhsa
id RHSA-2004:222
refmap via4
bid 10358
bugtraq
  • 20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
  • 20040517 KDE Security Advisory: URI Handler Vulnerabilities
ciac O-146
conectiva CLA-2004:843
confirm http://www.kde.org/info/security/advisory-20040517-1.txt
debian DSA-518
fedora
  • FEDORA-2004-121
  • FEDORA-2004-122
gentoo GLSA-200405-11
osvdb 6107
secunia 11602
slackware SSA:2004-238
suse SuSE-SA:2003:014
xf kde-url-handler-gain-access(16163)
Last major update 17-10-2016 - 22:45
Published 07-07-2004 - 00:00
Last modified 10-10-2017 - 21:29