Security Research
Security Vulnerabilities
KDE Konqueror HTTP Referer Authentication Information Disclosure Vulnerability
Published: 2003-08-03
Updated: 2003-08-07
Affected systems:
KDE Konqueror the web browser 3.1.1
KDE Konqueror the web browser 3.0.5
KDE Konqueror the web browser 3.0.3
KDE Konqueror the web browser 3.0.2
KDE Konqueror the web browser 3.0.1
KDE Konqueror the web browser 3.0
KDE Konqueror Embedded 0.1
KDE Konqueror the web browser 2.2.2
- Debian Linux 3.0
- Turbo Linux 7.0
KDE Konqueror the web browser 3.1
- Mandrake Linux 9.1
BUGTRAQ ID: 8297
CVE(CAN) ID: CVE-2003-0459
Description:
KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager of the K Desktop Environment and can also be used to browse the web.
Konqueror does not handle the HTTP Referer field correctly. A remote attacker who can sniff network traffic can exploit this to obtain the user's authentication credentials.
When Konqueror submits a request for a URL of the form http://user:password@host/, the embedded credentials are sent in cleartext in the HTTP Referer field, without the user's knowledge, and any third party who intercepts the network traffic can read them.
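An added example, not code from the KDE advisory or from Konqueror itself: the Referer derivation the advisory describes next to the stripped form a patched browser must produce, plus a defender-side check that flags Referer values in constructed sample log lines which still carry a user:password part. Function names and the sample lines are assumptions made for this example.

```python
from urllib.parse import urlsplit, urlunsplit


def naive_referer(url: str) -> str:
    """The behaviour the advisory describes: the full URL, credentials
    included, is copied into the Referer header unchanged."""
    return url


def safe_referer(url: str) -> str:
    """Drop the userinfo (user:password@) and the fragment before a URL is
    reused as a Referer value, which is what a fix has to do."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # bare IPv6 literal needs brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


def referer_leaks_credentials(header_value: str) -> bool:
    """True if a Referer header value still contains a userinfo component."""
    try:
        return urlsplit(header_value).username is not None
    except ValueError:                   # malformed URL (e.g. bad IPv6 literal)
        return False


# Constructed sample request lines, roughly as a proxy might log them.
SAMPLE_LOG = [
    "GET /img/logo.png Referer: http://user:secret@intranet.example/home",
    "GET /css/site.css Referer: http://intranet.example/home",
    "GET /ads.js Referer: https://alice@intranet.example:8443/page?x=1#top",
]


def find_leaking_requests(lines):
    """Return the Referer values in the log lines that still carry credentials."""
    hits = []
    for line in lines:
        _, _, ref = line.partition("Referer: ")
        if ref and referer_leaks_credentials(ref.strip()):
            hits.append(ref.strip())
    return hits


if __name__ == "__main__":
    print(naive_referer("http://user:secret@host/"))   # credentials leak
    print(safe_referer("http://user:secret@host/"))    # http://host/
    print(find_leaking_requests(SAMPLE_LOG))
```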
<*Source: George Staikos
Links: http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.debian.org/security/2003/dsa-361
http://rhn.redhat.com/errata/RHSA-2003-236.html
http://www.linux-mandrake.com/en/security/2003/2003-079.php
*>
Recommendations:
Vendor patches:
Debian
------
http://www.debian.org/security/2003/dsa-361
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2003:079) and corresponding patches for this issue:
MDKSA-2003:079: Updated kdelibs packages fix konqueror authentication leak
Link: http://www.linux-mandrake.com/en/security/2003/2003-079.php
Patch downloads (the updated packages are listed in the advisory above):
The updated packages can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
Red Hat has released a security advisory (RHSA-2003:236-08) and corresponding patches for this issue:
RHSA-2003:236-08: Updated KDE packages fix security issue
Link: http://rhn.redhat.com/errata/RHSA-2003-236.html
Patch downloads: the updated packages and their checksums are listed in the advisory above.