CVE-2004-0411

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 07-07-2004 06:00

Last modified: - 28-02-2022 06:16

Total changes: - 2

Description

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

vendor=kde AND product=konqueror AND versionEndIncluding=3.2.2

Reference

20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers-Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.kde.org/info/security/advisory-20040517-1.txt
RHSA-2004:222-Broken Link
SuSE-SA:2003:014-Broken Link
GLSA-200405-11-Third Party Advisory
DSA-518-Third Party Advisory
O-146-Broken Link
10358-Broken Link, Third Party Advisory, VDB Entry
6107-Broken Link
11602-Broken Link
FEDORA-2004-121-Broken Link, Third Party Advisory, VDB Entry
FEDORA-2004-122-Broken Link, Third Party Advisory, VDB Entry
CLA-2004:843-Broken Link
SSA:2004-238-Broken Link
20040517 KDE Security Advisory: URI Handler Vulnerabilities-Mailing List
kde-url-handler-gain-access(16163)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:954-Tool Signature

Keywords

CVE-2004-0411

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2004-0411

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures