OVAL Repository - View Definition: oval:org.mitre.oval:def:954

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:954		Version: 2 Last Modified: 2007-04-10
Title:	Konqueror URI Handler "-" Filter Vulnerability
Description:	The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2004-0411
Platform(s):	Red Hat Enterprise Linux 3	Product(s):
Definition Synopsis:
Software section Red Hat Enterprise 3 is installed AND ix86 architecture AND kdelibs version is less than 3.1.3-6.4 AND Configuration section telnet, rlogin, ssh or kmail is executable /usr/bin/telnet is executable /usr/bin/telnet is executable OR /usr/bin/telnet is executable OR /usr/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable /usr/kerberos/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable OR /usr/kerberos/bin/telnet is executable OR /usr/bin/rlogin is executable /usr/bin/rlogin is executable OR /usr/bin/rlogin is executable OR /usr/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable /usr/kerberos/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable OR /usr/kerberos/bin/rlogin is executable OR /usr/bin/ssh is executable /usr/bin/ssh is executable OR /usr/bin/ssh is executable OR /usr/bin/ssh is executable OR /usr/bin/kmail is executable /usr/bin/kmail is executable OR /usr/bin/kmail is executable OR /usr/bin/kmail is executable

NEW SEARCH : BACK

OVAL Repository

About the Repository

OVAL Repository Forum

Author’s Resources

Items of Interest