what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.072

Mandriva Linux Security Advisory 2007.072
Posted Apr 2, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2007-1564
SHA-256 | ee68a1f822a62c0a2935ff787c003d60672b64d36193c73cfe7b0f3f19b7173e

Mandriva Linux Security Advisory 2007.072

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:072
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : March 29, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

The FTP protocol implementation in Konqueror 3.5.5 allows remote
servers to force the client to connect to other servers, perform a
proxied port scan, or obtain sensitive information by specifying an
alternate server address in a FTP PASV command.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
c0c597de9778cb8206e1ed62fec046b3 2007.0/i586/kdelibs-common-3.5.4-19.4mdv2007.0.i586.rpm
68b85c647d6e117eeab8d77252ee9cf5 2007.0/i586/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.i586.rpm
61d9c254adf06c805411a8d2a8ae88b9 2007.0/i586/libkdecore4-3.5.4-19.4mdv2007.0.i586.rpm
361e161cf27d52446f8d4cca3cde5399 2007.0/i586/libkdecore4-devel-3.5.4-19.4mdv2007.0.i586.rpm
a94477af19ac845bdc7cb58ddc981dc9 2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
d1cabaa637a4cd98c4d5d2453fe5e795 2007.0/x86_64/kdelibs-common-3.5.4-19.4mdv2007.0.x86_64.rpm
606305ad558a0f28cb0cfbdd33e84baa 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.x86_64.rpm
7804378996ebeb4d866f08b95169dd73 2007.0/x86_64/lib64kdecore4-3.5.4-19.4mdv2007.0.x86_64.rpm
a2f440c1e184ba56d4e6dd206575e739 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.4mdv2007.0.x86_64.rpm
a94477af19ac845bdc7cb58ddc981dc9 2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm

Corporate 3.0:
bfd644bf673c34bcdc40f16cf0b37b0d corporate/3.0/i586/kdelibs-common-3.2-36.18.C30mdk.i586.rpm
af2ffbed7fd04d59bcebae3b4bfe71eb corporate/3.0/i586/libkdecore4-3.2-36.18.C30mdk.i586.rpm
42e3a51ec6aac2a2c9e2ae4971910087 corporate/3.0/i586/libkdecore4-devel-3.2-36.18.C30mdk.i586.rpm
5575864f778b851db8fdaf8099bcc813 corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm

Corporate 3.0/X86_64:
931bef1ba4a2c3dbff91cd1d9b4dd606 corporate/3.0/x86_64/kdelibs-common-3.2-36.18.C30mdk.x86_64.rpm
f1228776d803fe9d126705cbd8ae90c6 corporate/3.0/x86_64/lib64kdecore4-3.2-36.18.C30mdk.x86_64.rpm
90c14b9533af7b0a94ce86f6f6862743 corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.18.C30mdk.x86_64.rpm
5575864f778b851db8fdaf8099bcc813 corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm

Corporate 4.0:
99ce0c5be728891343589c6e43e29584 corporate/4.0/i586/kdelibs-arts-3.5.4-2.5.20060mlcs4.i586.rpm
c8d918697e252a90412e205a310116c4 corporate/4.0/i586/kdelibs-common-3.5.4-2.5.20060mlcs4.i586.rpm
e9b51f7417d497700dede43bb194d468 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.i586.rpm
e3a58c49c5687673f5cffaf85838f425 corporate/4.0/i586/libkdecore4-3.5.4-2.5.20060mlcs4.i586.rpm
756ef302380caad03d383c44eee28147 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.5.20060mlcs4.i586.rpm
c5507e07961ca39859483995ddff7a34 corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a1fc572f298d659cbcf47746eac2eb03 corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.5.20060mlcs4.x86_64.rpm
2fa636d65a3b1ef56611d250fa40db4d corporate/4.0/x86_64/kdelibs-common-3.5.4-2.5.20060mlcs4.x86_64.rpm
9eb6a39a045cbad4d97895e49defe523 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.x86_64.rpm
bd29b8c1f173f373bd43a0f2672f2ffd corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.5.20060mlcs4.x86_64.rpm
b99795fa58545d3eef9a47fcd821b116 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.5.20060mlcs4.x86_64.rpm
c5507e07961ca39859483995ddff7a34 corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGC/9MmqjQ0CJFipgRAnBSAKCsTHavuZPB3lFUfv4UpRINWyXE4ACfWoYN
42pmDIWgS7Cogq2fNX/zre8=
=BU3y
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close