CVE-2004-0411 Information

Description

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter -\ characters that begin a hostname in a (1) telnet (2) rlogin (3) ssh or (4) mailto URI which allows remote attackers to manipulate the options that are passed to the associated programs possibly to read arbitrary files or execute arbitrary code.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 http://marc.info/?l=bugtraq&m=108481412427344&w=2 http://secunia.com/advisories/11602 http://security.gentoo.org/glsa/glsa-200405-11.xml http://www.ciac.org/ciac/bulletins/o-146.shtml http://www.debian.org/security/2004/dsa-518 http://www.kde.org/info/security/advisory-20040517-1.txt http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html http://www.osvdb.org/6107 http://www.redhat.com/support/errata/RHSA-2004-222.html http://www.securityfocus.com/advisories/6717 http://www.securityfocus.com/advisories/6743 http://www.securityfocus.com/archive/1/363225 http://www.securityfocus.com/bid/10358 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 https://exchange.xforce.ibmcloud.com/vulnerabilities/16163 kde-url-handler-gain-access(16163) https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A954