FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdelibs3 -- konqueror FTP command injection vulnerability

Affected packages
ja-kdelibs < 3.3.2_2
kdelibs < 3.3.2_2

Details

VuXML ID 832e9d75-5bfc-11d9-a9e7-0001020eed82
Discovery 2004-12-01
Entry 2005-01-01
Modified 2005-01-04

Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to a FTP command injection vulnerability which can be exploited by tricking an user into clicking a specially crafted FTP URI.

It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to tricking a client into sending out emails without user interaction.

References

Bugtraq ID 11827
CVE Name CVE-2004-1165
Message 200412051011.54045.ripe@7a69ezine.org
Message 20041223235620.GA2846@penguinhosting.net
Message 20041224142506.GB12939@penguinhosting.net
URL http://www.kde.org/info/security/advisory-20050101-1.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.