[UCI-Linux] Dirk Mueller: KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability

Mike IGLESIAS IGLESIAS@uci.edu
Wed, 11 Sep 2002 08:44:36 -0700


FYI, for those of you using KDE

------- Forwarded Message

Date: Wed, 11 Sep 2002 01:12:27 +0200
From: Dirk Mueller <mueller@kde.org>
To: kde-announce@kde.org, bugtraq@securityfocus.com
Subject: KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Message-ID: <20020910231227.GB9492@matrix.wg>

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability 
Original Release Date: 2002-09-08
URL: http://www.kde.org/info/security/advisory-20020908-2.txt

0. References
        http://online.securityfocus.com/archive/1/290710/2002-09-03/2002-09-09/0

1. Systems affected:

        KDE 2.2.2
        KDE 3.0 - 3.0.3 

2. Overview:
            
        Konqueror's cross site scripting protection fails to initialize the
        domains on sub-(i)frames correctly. As a result, JavaScript can
        access any foreign subframe which is defined in the HTML source.

3. Impact:
        
        Users of Konqueror and other KDE software that uses the KHTML
        rendering engine may fall victim to cookie stealing and
        other cross site scripting attacks.
   
4. Solution:
        
        Apply the appended patch to kdelibs, update to kdelibs-3.0.3a or,
        as a workaround, disable JavaScript or cookies.

        kdelibs-3.0.3a can be downloaded from 
        http://download.kde.org/stable/3.0.3 :

        02627f595af113f7d544561a7ff6ec85  kdelibs-3.0.3a.tar.bz2
       

5. Patch:

        A patch for KDE 3.0.3 is available from
        
        ftp://ftp.kde.org/pub/kde/security_patches :
  
        523b2fb677310792cbb04861f358d08d  post-3.0.3-kdelibs-khtml.diff

        A patch for KDE 2.2.2 is available from
   
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
        b0b23c3caa062c60375a1160418a2810  post-2.2.2-kdelibs-khtml.diff


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9fntPvsXr+iuy1UoRAiDrAKCIgT/f7UvBqXdgPVkGeFvNktSagQCgkUMw
lxtwL9WYkKyR7TcrK7yY36M=
=yQpt
- -----END PGP SIGNATURE-----

------- End of Forwarded Message
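
Added example (not part of the advisory and not KDE's code): Python that reads the MD5 lines from sections 4 and 5 of the advisory text and checks downloaded files against them. The directory argument and the status strings are assumptions of this example; the result is only as trustworthy as the advisory text it reads, which is what the PGP signature on the advisory covers.

```python
import hashlib
import re
from pathlib import Path

# Checksum lines as they appear in the advisory above (hash, spaces, file name).
ADVISORY_EXCERPT = """\
        02627f595af113f7d544561a7ff6ec85  kdelibs-3.0.3a.tar.bz2
        523b2fb677310792cbb04861f358d08d  post-3.0.3-kdelibs-khtml.diff
        b0b23c3caa062c60375a1160418a2810  post-2.2.2-kdelibs-khtml.diff
"""

# 32 lowercase hex digits, whitespace, then a bare file name (no path separators).
_SUM_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+([A-Za-z0-9][A-Za-z0-9._+-]*)\s*$")

def parse_checksums(text):
    """Return {file name: md5 hex} for every checksum line in an advisory."""
    sums = {}
    for line in text.splitlines():
        m = _SUM_LINE.match(line)
        if not m:
            continue
        digest, name = m.groups()
        if sums.get(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
        sums[name] = digest
    return sums

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Map each listed file to 'ok', 'MISMATCH' or 'missing' (assumed labels)."""
    results = {}
    for name, expected in parse_checksums(advisory_text).items():
        path = Path(directory) / name  # directory: wherever the files were saved
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    for name, status in verify_downloads(ADVISORY_EXCERPT, ".").items():
        print(f"{status:9} {name}")
```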