(Mandrake Issues Fix) KDE Konqueror May Disclose URL-based Passwords to Remote Users Via the Referer Field
|
|
SecurityTracker Alert ID: 1007360 |
|
SecurityTracker URL: http://securitytracker.com/id/1007360
|
|
CVE Reference:
CAN-2003-0459
(Links to External Site)
|
Date: Jul 31 2003
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.1.2 and prior versions
|
Description:
An information disclosure vulnerability was reported in the KDE Konqueror web browser. The browser may leak URL-based authentication information via the HTTP Referer field.
It is reported that the web browser may disclose the target user's authentication credentials for one web site to other web sites via the HTTP Referer header field. This can occur when the authentication credentials are provided via the URL (in the form 'http://user:password@host/').
The vendor indicates that Konqueror/Embedded is also vulnerable.
The following notification timeline is provided:
07/03/2003 Notification of security@kde.org by George Staikos
07/10/2003 Fixed in KDE CVS.
07/11/2003 OS vendors / binary package providers alerted and provided with patches.
07/29/2003 Public Security Advisory by the KDE Security team.
|
Impact:
A remote user may be able to obtain the target user's authentication credentials by monitoring the HTTP Referer field.
|
Solution:
Mandrake has released a fix.
Corporate Server 2.1:
b8bc8c31085b3953081b68e84563eafb corporate/2.1/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc corporate/2.1/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5 corporate/2.1/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm
Corporate Server 2.1/x86_64:
a57625bd5ba6e06c4bbd6c0a9a31338e x86_64/corporate/2.1/RPMS/kdelibs-3.0.5-2.1mdk.x86_64.rpm
05c01ebdeed267aa9a45201880907fb9 x86_64/corporate/2.1/RPMS/kdelibs-devel-3.0.5-2.1mdk.x86_64.rpm
72279bba0e9901ddd8d17d7db35998ef x86_64/corporate/2.1/SRPMS/kdelibs-3.0.5-2.1mdk.src.rpm
Mandrake Linux 9.0:
b8bc8c31085b3953081b68e84563eafb 9.0/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc 9.0/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5 9.0/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm
Mandrake Linux 9.1:
407505c85c575715048509488bcf9137 9.1/RPMS/kdelibs-3.1-58.2mdk.i586.rpm
52921509997a7688377a6000d00711b7 9.1/RPMS/kdelibs-common-3.1-58.2mdk.i586.rpm
3ab334a2170fe9bd8fc035327d0ff178 9.1/RPMS/kdelibs-devel-3.1-58.2mdk.i586.rpm
7c5f0501a362ac2c89e3ea8ef882990a 9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.i586.rpm
ee3757404d902cfe682f0da6e7fbebd0 9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm
Mandrake Linux 9.1/PPC:
e7092f9cf6c55fc0a7008e04e01e6d2c ppc/9.1/RPMS/kdelibs-3.1-58.2mdk.ppc.rpm
3db061e6d33b8f6c52450d81bfdd8350 ppc/9.1/RPMS/kdelibs-common-3.1-58.2mdk.ppc.rpm
310c9f897ec102364c4c3cdcd316489e ppc/9.1/RPMS/kdelibs-devel-3.1-58.2mdk.ppc.rpm
759658ab119a0f16ea1d159e2e5a1f04 ppc/9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.ppc.rpm
ee3757404d902cfe682f0da6e7fbebd0 ppc/9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm
|
Vendor URL: www.kde.org/info/security/advisory-20030729-1.txt (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (Mandriva/Mandrake)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: 31 Jul 2003 15:38:18 -0000
Subject: MDKSA-2003:079 - Updated kdelibs packages fix konqueror authentication leak
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: kdelibs
Advisory ID: MDKSA-2003:079
Date: July 31st, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1
________________________________________________________________________
Problem Description:
A vulnerability in Konqueror was discovered where it could
inadvertently send authentication credentials to websites other than
the intended site in clear text via the HTTP-referer header when
authentication credentials are passed as part of a URL in the form
http://user:password@host/.
The provided packages have a patch that corrects this issue.
________________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459
http://www.kde.org/info/security/advisory-20030729-1.txt
________________________________________________________________________
Updated Packages:
Corporate Server 2.1:
b8bc8c31085b3953081b68e84563eafb corporate/2.1/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc corporate/2.1/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5 corporate/2.1/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm
Corporate Server 2.1/x86_64:
a57625bd5ba6e06c4bbd6c0a9a31338e x86_64/corporate/2.1/RPMS/kdelibs-3.0.5-2.1mdk.x86_64.rpm
05c01ebdeed267aa9a45201880907fb9 x86_64/corporate/2.1/RPMS/kdelibs-devel-3.0.5-2.1mdk.x86_64.rpm
72279bba0e9901ddd8d17d7db35998ef x86_64/corporate/2.1/SRPMS/kdelibs-3.0.5-2.1mdk.src.rpm
Mandrake Linux 9.0:
b8bc8c31085b3953081b68e84563eafb 9.0/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc 9.0/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5 9.0/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm
Mandrake Linux 9.1:
407505c85c575715048509488bcf9137 9.1/RPMS/kdelibs-3.1-58.2mdk.i586.rpm
52921509997a7688377a6000d00711b7 9.1/RPMS/kdelibs-common-3.1-58.2mdk.i586.rpm
3ab334a2170fe9bd8fc035327d0ff178 9.1/RPMS/kdelibs-devel-3.1-58.2mdk.i586.rpm
7c5f0501a362ac2c89e3ea8ef882990a 9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.i586.rpm
ee3757404d902cfe682f0da6e7fbebd0 9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm
Mandrake Linux 9.1/PPC:
e7092f9cf6c55fc0a7008e04e01e6d2c ppc/9.1/RPMS/kdelibs-3.1-58.2mdk.ppc.rpm
3db061e6d33b8f6c52450d81bfdd8350 ppc/9.1/RPMS/kdelibs-common-3.1-58.2mdk.ppc.rpm
310c9f897ec102364c4c3cdcd316489e ppc/9.1/RPMS/kdelibs-devel-3.1-58.2mdk.ppc.rpm
759658ab119a0f16ea1d159e2e5a1f04 ppc/9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.ppc.rpm
ee3757404d902cfe682f0da6e7fbebd0 ppc/9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/KTfqmqjQ0CJFipgRAsgBAKDrSjQdBcRmr9hBkQ/Xbsz302I80QCfd+wy
/WxslPF5faQtpgNGx6EvQcI=
=78rY
-----END PGP SIGNATURE-----
|
|
