Your message dated Fri, 2 Jul 2004 03:30:06 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#250215: CAN-2004-0411: URI handlers do not filter properly
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 21 May 2004 10:59:26 +0000
>From [EMAIL PROTECTED] Fri May 21 03:59:26 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BR7kM-00006A-00; Fri, 21 May 2004 03:59:26 -0700
Received: from zensunni.xinara.org (unknown [217.22.72.48])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(Client did not present a certificate)
by mail.o2w.nl (Postfix) with ESMTP id 92ECF358E0
for <[EMAIL PROTECTED]>; Fri, 21 May 2004 12:59:25 +0200 (CEST)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
id 1BR7kH-00031N-WF; Fri, 21 May 2004 12:59:22 +0200
Date: Fri, 21 May 2004 12:59:21 +0200
From: "J.H.M. Dassen (Ray)" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2004-0411: URI handlers do not filter properly
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 2.59
Organization: Ray at home
X-System: Debian GNU/Linux testing/unstable, kernel 2.4.27-pre3
User-Agent: Mutt/1.5.6i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream woody sarge sid
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 :
Candidate: CAN-2004-0411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
Phase: Assigned (20040416)
Category: SF
Reference: BUGTRAQ:20040513 Opera Telnet URI Handler Vulnerability also applies
to other browsers
Reference: URL:http://www.securityfocus.com/archive/1/363225
Reference: BUGTRAQ:20040517 KDE Security Advisory: URI Handler Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108481412427344&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040517-1.txt
Reference: REDHAT:RHSA-2004:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-222.html
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
properly filter "-" characters that begin a hostname in a (1) telnet,
(2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
to manipulate the options that are passed to the associated programs,
possibly to read arbitrary files or execute arbitrary code.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-pre3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
---------------------------------------
Received: (at 250215-done) by bugs.debian.org; 2 Jul 2004 01:30:20 +0000
>From [EMAIL PROTECTED] Thu Jul 01 18:30:20 2004
Return-path: <[EMAIL PROTECTED]>
Received: from alc1-interjet256-159-105.medtelecom.net (chistera.yi.org)
[62.117.159.105]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BgCse-0007Yk-00; Thu, 01 Jul 2004 18:30:20 -0700
Received: from userid 1000 by chistera.yi.org with local (Exim 4.34)
id 1BgCsQ-00030c-8F; Fri, 02 Jul 2004 03:30:06 +0200
Date: Fri, 2 Jul 2004 03:30:06 +0200
From: Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL PROTECTED]>
To: "J.H.M. Dassen (Ray)" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#250215: CAN-2004-0411: URI handlers do not filter properly
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <[EMAIL PROTECTED]>
X-No-CC: Please respect my Mail-Followup-To header
User-Agent: Mutt/1.5.6+20040523i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
* J.H.M. Dassen (Ray) [Fri, 21 May 2004 12:59:21 +0200]:
> Tags: security upstream woody sarge sid
> The URI handlers in Konqueror for KDE 3.2.2 and earlier do not
> properly filter "-" characters that begin a hostname in a (1) telnet,
> (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers
> to manipulate the options that are passed to the associated programs,
> possibly to read arbitrary files or execute arbitrary code.
This has been fixed for woody in Debian Security Advisory DSA 518-1 [1].
It was also fixed for sid by the upload of kdelibs 3.2.3-1 on 2004-06-03,
which is still waiting to enter sarge. Just for the record, the detailed
fix for sid was:
- kdelibs/kdecore/kapplication.cpp revision 1.654, which was backported
to KDE_3_2_BRANCH in 1.637.2.11 (KDE 3.2.3 includes 1.637.2.12).
- kdelibs/kio/misc/ktelnetservice.cpp revision 1.9, which was backported
to KDE_3_2_BRANCH in 1.7.2.2 (KDE 3.2.3 includes 1.7.2.2).
I am hereby closing this bug.
[1] http://www.debian.org/security/2004/dsa-518
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
There may be no I in TEAM, but a M and an E.
