Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream woody sarge sid

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 :

Candidate: CAN-2004-0411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
Phase: Assigned (20040416)
Category: SF
Reference: BUGTRAQ:20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
Reference: URL:http://www.securityfocus.com/archive/1/363225
Reference: BUGTRAQ:20040517 KDE Security Advisory: URI Handler Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108481412427344&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040517-1.txt
Reference: REDHAT:RHSA-2004:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-222.html

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
properly filter "-" characters that begin a hostname in a (1) telnet,
(2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
to manipulate the options that are passed to the associated programs,
possibly to read arbitrary files or execute arbitrary code.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1

-- 
Obsig: developing a new sig
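
Added example (not part of the original report and not KDE's code): a sketch of the missing filter, rejecting telnet, rlogin, ssh and mailto URIs whose host or recipient would reach the external program as something beginning with "-", including when the dash is percent-encoded. The names handler_uri_is_safe, percent_decode and starts_with_dash are hypothetical; also rejecting a leading "-" in the user part, and checking the mailto recipient as a whole, are assumptions made to stay conservative.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Decode %XX escapes so that "%2D" is checked as the "-" it becomes.
static std::string percent_decode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit(static_cast<unsigned char>(in[i + 1])) &&
            std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else {
            out += in[i];
        }
    }
    return out;
}

static bool starts_with_dash(const std::string& s) {
    return !s.empty() && s[0] == '-';
}

// Hypothetical helper: true only if the URI may be handed to the external program.
bool handler_uri_is_safe(const std::string& uri) {
    const std::size_t colon = uri.find(':');
    if (colon == std::string::npos) return false;
    std::string scheme = uri.substr(0, colon);
    std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    const bool login = scheme == "telnet" || scheme == "rlogin" || scheme == "ssh";
    if (!login && scheme != "mailto") return false;  // outside the four schemes

    std::string rest = uri.substr(colon + 1);
    if (!login) {  // mailto: the recipient (before any ?headers) becomes the argument
        const std::string to = percent_decode(rest.substr(0, rest.find_first_of("?#")));
        return !to.empty() && !starts_with_dash(to);
    }
    if (rest.compare(0, 2, "//") == 0) rest.erase(0, 2);
    rest = rest.substr(0, rest.find_first_of("/?#"));  // keep [user@]host[:port] only
    const std::size_t at = rest.rfind('@');
    const std::string user =
        at == std::string::npos ? std::string() : percent_decode(rest.substr(0, at));
    const std::string host =
        percent_decode(at == std::string::npos ? rest : rest.substr(at + 1));
    return !host.empty() && !starts_with_dash(host) && !starts_with_dash(user);
}
```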