KDE Konqueror JavaScript IFrame Denial of Service Vulnerability

Published: 2007-03-05
Updated: 2007-04-05

Affected systems:
KDE KDE 3.5.5
KDE KDE 3.5.4
Description:
BUGTRAQ ID: 22814
CVE(CAN) ID: CVE-2007-1308

Konqueror is the file manager of the K Desktop Environment and can also be used to browse the Web.

In KDE 3.5.5, ecma/kjs_html.cpp in KDE JavaScript (KJS), as used by Konqueror, contains a remote denial of service vulnerability: a remote attacker can trigger a null pointer dereference, and thereby a denial of service, by accessing the content of an iframe whose src attribute is an ftp:// URI.

<*Source: mark@bindshell.net *>

Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

http://downloads.securityfocus.com/vulnerabilities/exploits/konq355-crash-demo.html

Recommendation:
Vendor patch:

KDE
---
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:

KDE KDE 3.5.4
Mandriva kdelibs-3.5.4-19.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-3.5.4-19.3mdv2007.0.src.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-arts-3.5.4-2.4.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-arts-3.5.4-2.4.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-common-3.5.4-19.3mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-common-3.5.4-19.3mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-common-3.5.4-2.4.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-devel-doc-3.5.4-19.3mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-devel-doc-3.5.4-19.3mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download

Mandriva kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva lib64kdecore4-3.5.4-19.3mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download

Mandriva lib64kdecore4-3.5.4-2.4.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva lib64kdecore4-devel-3.5.4-19.3mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download

Mandriva lib64kdecore4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva libkdecore4-3.5.4-19.3mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download

Mandriva libkdecore4-3.5.4-2.4.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva libkdecore4-devel-3.5.4-19.3mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download

Mandriva libkdecore4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download


KDE kdelibs 3.5.5
Ubuntu kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb

Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb

Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb

Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb

Ubuntu kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb

Ubuntu kdelibs_3.5.5-0ubuntu3.1.1_all.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1_all.deb

Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb

Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb

Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb

Ubuntu kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb

Ubuntu kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb

Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb

Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb

Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb

Ubuntu kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb

This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.