OVAL Reference oval:org.mitre.oval:def:954

Oval Definition:

oval:org.mitre.oval:def:954

Revision Date:	2007-04-25	Version:	19
Title:	Konqueror URI Handler "-" Filter Vulnerability
Description:	The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2004-0411
Platform(s):	Red Hat Enterprise Linux 3	Product(s):
Definition Synopsis
Software section Red Hat Enterprise 3 is installed AND ix86 architecture AND kdelibs version is less than 3.1.3-6.4 AND Configuration section telnet, rlogin, ssh or kmail is executable /usr/bin/telnet is executable /usr/bin/telnet is executable OR /usr/bin/telnet is executable OR /usr/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable /usr/kerberos/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable OR /usr/bin/rlogin is executable /usr/bin/rlogin is executable OR /usr/bin/rlogin is executable OR /usr/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable /usr/kerberos/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable OR /usr/bin/ssh is executable /usr/bin/ssh is executable OR /usr/bin/ssh is executable OR /usr/bin/ssh is executable OR /usr/bin/kmail is executable /usr/bin/kmail is executable OR /usr/bin/kmail is executable OR /usr/bin/kmail is executable

BACK