CentOS 4 / 5 : kdelibs (CESA-2007:0909)

medium Nessus Plugin ID 26974

Synopsis

The remote CentOS host is missing one or more security updates.

Description

Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in the KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

Update the affected kdelibs packages.

See Also

http://www.nessus.org/u?4576e16d

http://www.nessus.org/u?daa3b324

http://www.nessus.org/u?9fce9c47

http://www.nessus.org/u?cb2b04c0

http://www.nessus.org/u?7d8637c9

Plugin Details

Severity: Medium

ID: 26974

File Name: centos_RHSA-2007-0909.nasl

Version: 1.19

Type: local

Agent: unix

Published: 10/12/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:centos:centos:4, cpe:/o:centos:centos:5, p-cpe:/a:centos:centos:kdelibs, p-cpe:/a:centos:centos:kdelibs-apidocs, p-cpe:/a:centos:centos:kdelibs-devel

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 10/8/2007

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224

CWE: 399, 59, 79

RHSA: 2007:0909