Back to search
CVE-2004-0411
Published: May 20, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2004:222
vendor-advisory
x_refsource_REDHAT
SuSE-SA:2003:014
vendor-advisory
x_refsource_SUSE
http://www.kde.org/info/security/advisory-20040517-1.txt
x_refsource_CONFIRM
kde-url-handler-gain-access(16163)
vdb-entry
x_refsource_XF
FEDORA-2004-121
vendor-advisory
x_refsource_FEDORA
20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers
mailing-list
x_refsource_BUGTRAQ
DSA-518
vendor-advisory
x_refsource_DEBIAN
FEDORA-2004-122
vendor-advisory
x_refsource_FEDORA
6107
vdb-entry
x_refsource_OSVDB
20040517 KDE Security Advisory: URI Handler Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
11602
third-party-advisory
x_refsource_SECUNIA
CLA-2004:843
vendor-advisory
x_refsource_CONECTIVA
SSA:2004-238
vendor-advisory
x_refsource_SLACKWARE
GLSA-200405-11
vendor-advisory
x_refsource_GENTOO
oval:org.mitre.oval:def:954
vdb-entry
signature
x_refsource_OVAL
10358
vdb-entry
x_refsource_BID
O-146
third-party-advisory
government-resource
x_refsource_CIAC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now