RHEL 4 / 5 : kdelibs (RHSA-2007:0909)

medium Nessus Plugin ID 26952

Synopsis

The remote Red Hat host is missing one or more security updates for kdelibs.

Description

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2007:0909 advisory.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kdelibs package based on the guidance in RHSA-2007:0909.

See Also

http://www.nessus.org/u?6d3ce7ea

http://www.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=229606

https://bugzilla.redhat.com/show_bug.cgi?id=233592

https://bugzilla.redhat.com/show_bug.cgi?id=234633

https://bugzilla.redhat.com/show_bug.cgi?id=248537

https://bugzilla.redhat.com/show_bug.cgi?id=251708

https://bugzilla.redhat.com/show_bug.cgi?id=299891

https://access.redhat.com/errata/RHSA-2007:0909

Plugin Details

Severity: Medium

ID: 26952

File Name: redhat-RHSA-2007-0909.nasl

Version: 1.26

Type: local

Agent: unix

Published: 10/9/2007

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2007-1564

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2007-0537

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:kdelibs-devel, p-cpe:/a:redhat:enterprise_linux:kdelibs

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 10/8/2007

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224

CWE: 79

RHSA: 2007:0909