The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:065 advisory.

    The kdelibs packages include libraries for the K Desktop Environment.

    Two flaws were found in the sandbox environment used to run Java-applets in     the Konqueror web browser. If a user has Java enabled in Konqueror and     visits a malicious website, the website could run a carefully crafted     Java-applet and obtain escalated privileges allowing reading and writing of     arbitrary files with the privileges of the victim.  The Common     Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name     CAN-2004-1145 to this issue.

    A flaw was discovered in the FTP kioslave.  KDE applications such as     Konqueror could be forced to execute arbitrary FTP commands via a carefully     crafted ftp URL.  The URL could also be crafted in such a way as to send an     arbitrary email via SMTP.  An attacker could make use of this flaw if a     victim visits a malicious web site. The Common Vulnerabilities and     Exposures project has assigned the name CAN-2004-1165 to this issue.

    Users should update to these erratum packages which contain backported     patches to correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A vulnerability in the Konqueror web browser was discovered that would allow a malicious web site to take advantage of a flaw in kio_ftp to send email messages without user interaction.

The updated packages are patched to correct the problem.

Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command.

Updated kdelib and kdebase packages that resolve several security issues are now available.

The kdelibs packages include libraries for the K Desktop Environment.
The kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-0078 to this issue.

All users of KDE are advised to upgrade to this updated packages, which contain backported patches to correct these issues.

A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email.

As well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner.

The updated packages are patched to deal with these issues.

The remote host is affected by the vulnerability described in GLSA-200501-18 (KDE FTP KIOslave: Command injection)

    The FTP KIOslave fails to properly parse URL-encoded newline     characters.
  Impact :

    An attacker could exploit this to execute arbitrary FTP commands on the     server and due to similiarities between the FTP and the SMTP protocol,     this vulnerability also allows an attacker to connect to a SMTP server     and issue arbitrary commands, for example sending an email.
  Workaround :

    There is no known workaround at this time.

Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to a FTP command injection vulnerability which can be exploited by tricking an user into clicking a specially crafted FTP URI.

It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to tricking a client into sending out emails without user interaction.

The remote host is using a version of Konqueror that is prone to a security flaw that may allow a malicious website to influence a pop up window from a trusted site.
An attacker may exploit this flaw to impersonate third-party web servers and convince a victim on the remote host into revealing personal information. 

ID	Name	Product	Family	Published	Updated	Severity
17177	RHEL 4 : kdelibs (RHSA-2005:065)	Nessus	Red Hat Local Security Checks	2/22/2005	11/4/2024	critical
16077	Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:160)	Nessus	Mandriva Local Security Checks	1/2/2005	1/6/2021	high
16128	Debian DSA-631-1 : kdelibs - unsanitised input	Nessus	Debian Local Security Checks	1/12/2005	1/4/2021	high
16366	RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2005:009)	Nessus	Red Hat Local Security Checks	2/10/2005	1/14/2021	high
17140	Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:045)	Nessus	Mandriva Local Security Checks	2/18/2005	1/6/2021	high
16409	GLSA-200501-18 : KDE FTP KIOslave: Command injection	Nessus	Gentoo Local Security Checks	2/14/2005	1/6/2021	high
19008	FreeBSD : kdelibs3 -- konqueror FTP command injection vulnerability (832e9d75-5bfc-11d9-a9e7-0001020eed82)	Nessus	FreeBSD Local Security Checks	7/13/2005	1/6/2021	high
2531	Konqueror Web Browser < 3.3.3 Remote Window Hijacking	Nessus Network Monitor	Web Clients	1/18/2005	3/6/2019	low

Detections

Analytics

Plugins Search

critical

high

high

high

high

high

high

low