exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Open Source CERT Security Advisory 2009.15

Open Source CERT Security Advisory 2009.15
Posted Oct 28, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

KDE suffers from multiple insufficient validation vulnerabilities that can result in the execution of active content. Versions below 4.3.2 are affected.

tags | advisory, vulnerability
SHA-256 | ecdec1474c60e06f8d03ae23981515ca996b2e57443237988e158fc66e77b190

Open Source CERT Security Advisory 2009.15

Change Mirror Download

#2009-015 KDE multiple issues

Description:

KDE, an open source desktop environment, suffers from several bugs that
pose a security risk.

The oCERT team was contacted by Portcullis Security requesting help in
handling a series of issues reported to the KDE project back in July 2007.
Because of an extended period of non-disclosure Portcullis decided to
resubmit the issues to KDE and contacted oCERT asking for assistance in
disclosure coordination.

Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation which leads
to specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.

IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an attacker
can craft malicious URI that would trigger JavaScript execution.
Additionally the 'help://' protocol handler suffer from directory
traversal. It should be noted that the scope of this issue is limited as
the malicious URIs cannot be embedded in Internet hosted content.

KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which leads
to specially crafted email attachments, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.

The exploitation of these vulnerabilities is unlikely according to
Portcullis and KDE but the execution of active content is nonetheless
unexpected and might pose a threat.

All the reported issues have been patched.

Affected version:

KDE < 4.3.2

Fixed version:

KDE >= 4.3.3

Credit: Tim Brown, Portcullis Computer Security Ltd.

CVE: N/A

Timeline:

2009-02-18: vulnerability report received
2009-02-19: contacted KDE security team
2009-03-05: KDE acknowledges the report, provides preliminary analysis for
the reported issues
2009-03-18: Portcullis provides additional information
2009-04-29: KDE provides preliminary patches
2009-05-27: KDE reports that they are communicating directly with
Portcullis on the reported issues
2009-06-15: Portcullis provides updated advisories for review
2009-06-18: oCERT asks KDE review of Portcullis advisories
2009-09-23: KDE reports that all issues have been fixed
2009-10-02: KDE reports additional feedback about the fixes
2009-10-15: KDE commits all outstanding fixes
2009-10-27: advisory release

References:
http://www.davidfaure.fr/2009/xmlhttprequest_3.x.diff
http://websvn.kde.org/?view=revision&revision=1035539
http://websvn.kde.org/?view=revision&revision=1030579
http://websvn.kde.org/?view=revision&revision=938003

Permalink:
http://www.ocert.org/advisories/ocert-2009-015.html

--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team

<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close