KDE Konqueror Sub-frame Script Execution Vulnerability

admin 2022-07-14 11:05:01 CNNVD Vulnerabilities Source: ZONE.CI

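Vulnerability Details

KDE Konqueror Sub-frame Script Execution Vulnerability

  • CNNVD ID: CNNVD-200210-270
  • Severity: High
  • CVE ID: CVE-2002-1151
  • Vulnerability type: Cross-site scripting
  • Published: 2002-10-11
  • Threat type: Remote
  • Updated: 2005-05-13
  • Vendor: kde
  • Vulnerability source: This issue was pub...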

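Vulnerability Summary

The cross-site scripting protection in Konqueror in KDE 2.2.2 and in KDE 3.0 through 3.0.3 does not properly initialize the domains of sub-frames and sub-iframes, which allows remote attackers to execute script and steal cookies from sub-frames that belong to other domains.

Vulnerability Advisory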

The vendor has addressed this issue with kdelibs-3.0.3a. Users are advised to upgrade. Patches have also been made available. MandrakeSoft has issued an advisory. Mandrake Linux 8.1 and 8.2 are vulnerable to this issue. Users are advised to download and install the appropriate RPMs. Further details may be found in the referenced advisory. RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes is available in the referenced advisory.

KDE KDE 2.2.1

  • SCO kdelibs2-2.2.1-6.1.i386.rpm (3.1.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-2.2.1-6.1.i386.rpm (3.1.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-2.2.1-6.1.i386.rpm (3.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-2.2.1-6.1.i386.rpm (3.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-2.2.1-6.1.i386.rpm (3.1.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-devel-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-2.2.1-6.1.i386.rpm (3.1.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-devel-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-2.2.1-6.1.i386.rpm (3.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-devel-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm (3.1.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm (3.1.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm (3.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm (3.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-doc-2.2.1-6.1.i386.rpm (3.1.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-doc-2.2.1-6.1.i386.rpm (3.1.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-doc-2.2.1-6.1.i386.rpm (3.1 Server) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm
  • SCO kdelibs2-doc-2.2.1-6.1.i386.rpm (3.1 Workstation) ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047.0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm

KDE KDE 2.2.2

  • Debian kdelibs3_2.2.2-13.woody.3_alpha.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_alpha.deb
  • Debian kdelibs3_2.2.2-13.woody.3_arm.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_arm.deb
  • Debian kdelibs3_2.2.2-13.woody.3_hppa.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_hppa.deb
  • Debian kdelibs3_2.2.2-13.woody.3_i386.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_i386.deb
  • Debian kdelibs3_2.2.2-13.woody.3_ia64.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_ia64.deb
  • Debian kdelibs3_2.2.2-13.woody.3_m68k.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_m68k.deb
  • Debian kdelibs3_2.2.2-13.woody.3_mips.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mips.deb
  • Debian kdelibs3_2.2.2-13.woody.3_mipsel.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mipsel.deb
  • Debian kdelibs3_2.2.2-13.woody.3_powerpc.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_powerpc.deb
  • Debian kdelibs3_2.2.2-13.woody.3_s390.deb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_s390.deb
  • Debian kdelibs3_2.2.2-13.woody.3_sparc.

References

  • Source: BID; Name: 5689; Link: http://www.securityfocus.com/bid/5689
  • Source: DEBIAN; Name: DSA-167; Link: http://www.debian.org/security/2002/dsa-167
  • Source: BUGTRAQ; Name: 20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
  • Source: www.kde.org; Link: http://www.kde.org/info/security/advisory-20020908-2.txt
  • Source: XF; Name: ie-sameoriginpolicy-bypass(10039); Link: http://www.iss.net/security_center/static/10039.php
  • Source: REDHAT; Name: RHSA-2002:221; Link: http://www.redhat.com/support/errata/RHSA-2002-221.HTML
  • Source: REDHAT; Name: RHSA-2002:220; Link: http://www.redhat.com/support/errata/RHSA-2002-220.HTML
  • Source: OSVDB; Name: 7867; Link: http://www.osvdb.org/7867
  • Source: MANDRAKE; Name: MDKSA-2002:064; Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
  • Source: CONECTIVA; Name: CLA-2002:525; Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525
  • Source: CALDERA; Name: CSSA-2002-047.0; Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt

Affected Entities

  • Kde Konqueror:2.2.2  
  • Kde Konqueror:3.0  
  • Kde Konqueror:3.0.1  
  • Kde Konqueror:3.0.2  
  • Kde Konqueror:3.0.3  

Patches

    None available
