English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58957
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0909
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0909.

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes
certain HTML content. This could result in a malicious attacker presenting
misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation. A web page containing
malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are at a
different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0909.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-0242
BugTraq ID: 23269
http://www.securityfocus.com/bid/23269
Debian Security Information: DSA-1292 (Google Search)
http://www.debian.org/security/2007/dsa-1292
http://fedoranews.org/updates/FEDORA-2007-703.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
http://www.redhat.com/support/errata/RHSA-2007-0883.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
RedHat Security Advisories: RHSA-2011:1324
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://secunia.com/advisories/24699
http://secunia.com/advisories/24705
http://secunia.com/advisories/24726
http://secunia.com/advisories/24727
http://secunia.com/advisories/24759
http://secunia.com/advisories/24797
http://secunia.com/advisories/24847
http://secunia.com/advisories/24889
http://secunia.com/advisories/25263
http://secunia.com/advisories/26804
http://secunia.com/advisories/26857
http://secunia.com/advisories/27108
http://secunia.com/advisories/27275
http://secunia.com/advisories/46117
SGI Security Advisory: 20070901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
SuSE Security Announcement: SUSE-SR:2007:006 (Google Search)
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.ubuntu.com/usn/usn-452-1
http://www.vupen.com/english/advisories/2007/1212
XForce ISS Database: qt-utf8-xss(33397)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
Common Vulnerability Exposure (CVE) ID: CVE-2007-0537
BugTraq ID: 22428
http://www.securityfocus.com/bid/22428
Bugtraq: 20070124 Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/457924/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:031
http://www.mandriva.com/security/advisories?name=MDKSA-2007:157
http://osvdb.org/32975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10244
http://securitytracker.com/id?1017591
http://secunia.com/advisories/23932
http://secunia.com/advisories/24013
http://secunia.com/advisories/24065
http://secunia.com/advisories/24442
http://secunia.com/advisories/24463
http://www.ubuntu.com/usn/usn-420-1
http://www.vupen.com/english/advisories/2007/0505
Common Vulnerability Exposure (CVE) ID: CVE-2007-1308
BugTraq ID: 22814
http://www.securityfocus.com/bid/22814
Bugtraq: 20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe (Google Search)
http://www.securityfocus.com/archive/1/461897/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:054
http://bindshell.net/advisories/konq355
http://bindshell.net/advisories/konq355/konq355-patch.diff
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551
http://securityreason.com/securityalert/2345
http://www.ubuntu.com/usn/usn-447-1
http://www.vupen.com/english/advisories/2007/0886
XForce ISS Database: konqueror-ftp-dos(32798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32798
Common Vulnerability Exposure (CVE) ID: CVE-2007-1564
BugTraq ID: 23091
http://www.securityfocus.com/bid/23091
http://www.mandriva.com/security/advisories?name=MDKSA-2007:072
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10646
http://securitytracker.com/id?1017801
http://www.vupen.com/english/advisories/2007/1076
Common Vulnerability Exposure (CVE) ID: CVE-2007-3820
BugTraq ID: 24912
http://www.securityfocus.com/bid/24912
BugTraq ID: 24918
http://www.securityfocus.com/bid/24918
Bugtraq: 20070713 Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473703/100/0/threaded
Bugtraq: 20070714 Re: Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473712/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://alt.swiecki.net/oper1.html
http://osvdb.org/37242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.securitytracker.com/id?1018396
http://secunia.com/advisories/26091
http://secunia.com/advisories/26612
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27090
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://securityreason.com/securityalert/2905
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
XForce ISS Database: opera-konqueror-addressbar-spoofing(35430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
Common Vulnerability Exposure (CVE) ID: CVE-2007-4224
BugTraq ID: 25219
http://www.securityfocus.com/bid/25219
Bugtraq: 20070806 Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475689/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475731/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475730/100/0/threaded
Bugtraq: 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475763/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879
http://securitytracker.com/id?1018579
http://secunia.com/advisories/26351
http://secunia.com/advisories/26690
http://secunia.com/advisories/27271
http://securityreason.com/securityalert/2982
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.vupen.com/english/advisories/2007/2807
XForce ISS Database: konqueror-setinterval-spoofing(35828)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35828
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.