LinuxSecurity.com
Mandrake: kdelibs & kdebase vulnerability fix
Posted by Joe Shakespeare
Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CAN-2004-1171).

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdelibs
 Advisory ID:            MDKSA-2004:150
 Date:                   December 15th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Daniel Fabian discovered a potential privacy issue in KDE.  When
 creating a link to a remote file from various applications, including
 Konqueror, the resulting URL may contain the authentication
 credentials used to access that remote resource.  This includes, but
 is not limited to, browsing SMB (Samba) shares.  Upon further
 investigation, it was found that the SMB protocol handler also
 unnecessarily exposed authentication credentials (CAN-2004-1171).

 Another vulnerability was discovered where a malicious website could
 abuse Konqueror to load its own content into a window or tab that was
 opened by a trusted website, or it could trick a trusted website into
 loading content into an existing window or tab.  This could lead to
 the user being confused as to the origin of a particular webpage and
 could have the user unknowingly send confidential information intended
 for a trusted site to the malicious site (CAN-2004-1158).

 The updated packages contain a patch from the KDE team to solve this
 issue.

 Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1
 contain numerous bugfixes.  New qt3 packages are being provided for
 Mandrakelinux 10.0 that are required to build the kdebase package.
 _______________________________________________________________________
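The credential exposure described above (CAN-2004-1171) comes down to a `user:password@` component surviving in a saved URL. The following is an added example, not code from the advisory or from the KDE patch: it audits and redacts link files, assuming links are stored as `.desktop`-style text with a `URL=` key; the sample file, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: a link file whose URL still carries SMB credentials.
SAMPLE_LINK_FILE = """\
[Desktop Entry]
Type=Link
Name=Quarterly report
URL=smb://alice:s3cret@fileserver/finance/report.doc
"""


def strip_userinfo(url):
    """Return (clean_url, had_credentials) with any user[:password]@ removed.

    Only the authority part is inspected, so mailto:user@example.com and
    similar URLs without a '//' authority are left untouched.
    """
    parts = urlsplit(url)
    # rpartition keeps the host correct even if the password contains '@'.
    _userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url, False
    return urlunsplit(parts._replace(netloc=hostport)), True


def scrub_link_file(text):
    """Redact credentials from every URL entry.

    Returns (new_text, findings) where findings is a list of
    (line_number, username) for each entry that leaked credentials.
    The password itself is never reported.
    """
    out, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        # Accept both "URL" and localized/expanded forms such as "URL[$e]".
        if sep and key.split("[")[0].strip() == "URL":
            clean, leaked = strip_userinfo(value.strip())
            if leaked:
                findings.append((lineno, urlsplit(value.strip()).username))
                line = f"{key}={clean}"
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    scrubbed, hits = scrub_link_file(SAMPLE_LINK_FILE)
    print(hits)
    print(scrubbed, end="")
```

Any password found this way should be treated as exposed and rotated, since the link file may already have been copied or shared.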

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1171
  http://www.kde.org/info/security/advisory-20041209-1.txt
  http://www.kde.org/info/security/advisory-20040811-3.txt
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:

 Mandrakelinux 10.0/AMD64:

 Mandrakelinux 10.1:

 Mandrakelinux 10.1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 