FreeBSD Local Security Checks : FreeBSD Ports: kdelibs

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52414

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: kdelibs

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: kdelibs

CVE-2004-0746
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for
country-specific top-level domains, such as .ltd.uk, .plc.uk and
.firm.in, which could allow remote attackers to perform a session
fixation attack and hijack a user's HTTP session.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.kde.org/info/security/advisory-20040823-1.txt
http://www.osvdb.org/9117
http://secunia.com/advisories/12341
http://www.acros.si/papers/session_fixation.pdf
http://www.vuxml.org/freebsd/2797b27a-f55b-11d8-81b0-000347a4fa7d.html

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 10991
Common Vulnerability Exposure (CVE) ID: CVE-2004-0746
http://www.securityfocus.com/bid/10991
Bugtraq: 20040823 KDE Security Advisory: Konqueror Cross-Domain Cookie Injection (Google Search)
http://marc.info/?l=bugtraq&m=109327681304401&w=2
Conectiva Linux advisory: CLA-2004:864
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
http://secunia.com/advisories/12341
XForce ISS Database: kde-konqueror-cookie-set(17063)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52414
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: kdelibs
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: kdelibs CVE-2004-0746 Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Solution: Update your system with the appropriate patches or software upgrades. http://www.kde.org/info/security/advisory-20040823-1.txt http://www.osvdb.org/9117 http://secunia.com/advisories/12341 http://www.acros.si/papers/session_fixation.pdf http://www.vuxml.org/freebsd/2797b27a-f55b-11d8-81b0-000347a4fa7d.html CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 10991 Common Vulnerability Exposure (CVE) ID: CVE-2004-0746 http://www.securityfocus.com/bid/10991 Bugtraq: 20040823 KDE Security Advisory: Konqueror Cross-Domain Cookie Injection (Google Search) http://marc.info/?l=bugtraq&m=109327681304401&w=2 Conectiva Linux advisory: CLA-2004:864 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281 http://secunia.com/advisories/12341 XForce ISS Database: kde-konqueror-cookie-set(17063) https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com