The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
References
Configurations
History
20 Nov 2024, 23:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843 - Broken Link | |
References | () http://marc.info/?l=bugtraq&m=108481412427344&w=2 - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/11602 - Broken Link | |
References | () http://security.gentoo.org/glsa/glsa-200405-11.xml - Third Party Advisory | |
References | () http://www.ciac.org/ciac/bulletins/o-146.shtml - Broken Link | |
References | () http://www.debian.org/security/2004/dsa-518 - Third Party Advisory | |
References | () http://www.kde.org/info/security/advisory-20040517-1.txt - Patch, Vendor Advisory | |
References | () http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html - Broken Link | |
References | () http://www.osvdb.org/6107 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2004-222.html - Broken Link | |
References | () http://www.securityfocus.com/advisories/6717 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/advisories/6743 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/363225 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/10358 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/16163 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 - Broken Link, Tool Signature |
13 Feb 2024, 18:01
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=108481412427344&w=2 - Mailing List, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 - Broken Link, Tool Signature | |
CWE | CWE-88 |
Information
Published : 2004-07-07 04:00
Updated : 2024-11-20 23:48
NVD link : CVE-2004-0411
Mitre link : CVE-2004-0411
CVE.ORG link : CVE-2004-0411
JSON object : View
Products Affected
kde
- konqueror
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')