Bug#: 172527
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Bug 172527 blocks: 172746



Description:   Opened: 2007-03-28 07:58 0000
KDE Security Advisory: KDE ioslave PASV port scanning vulnerability
Original Release Date: 2007-03-26
URL: http://www.kde.org/info/security/advisory-20070326-1.txt

0. References
        CVE-2007-1564


1. Systems affected:

        KDE up to and including KDE version 3.5.6.


2. Overview:

        The KDE FTP ioslave parses the host address in the PASV response
        of an FTP server response. mark from bindshell.net pointed
        out that this could be exploited via JavaScript for automated
        port scanning. It was not possible to demonstrate the
        vulnerability via JavaScript with Konqueror from KDE 3.5.x.
        However, other scenarios are possible.


3. Impact:

        Untrusted sites or sites that allow JavaScript injection
        could cause Konqueror or other web browsers based on KHTML
        to perform port scanning.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.5.x and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        62872147c2d369feb3d9077e9b32b03d  CVE-2007-1564-kdelibs-3.5.6.diff

        Patch for KDE 3.4.x and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        13535c902a6b3223005adfc1fccdd32f  CVE-2007-1564-kdelibs-3.4.3.diff
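
The advisory does not reproduce the patch. As an added illustration (not KDE's code and not part of the original report), this sketch shows one common client-side mitigation for PASV host abuse: parse the 227 reply strictly, but always connect to the control connection's peer address and only record when the advertised host differs. `DataEndpoint`, `pasvEndpoint` and the sample addresses are hypothetical.

```cpp
#include <cstdio>
#include <string>

// Result of interpreting a PASV reply (hypothetical names, not KDE's).
struct DataEndpoint {
    bool valid = false;         // reply was a well-formed 227
    bool hostMismatch = false;  // server advertised a host other than itself
    std::string host;           // address the client will actually connect to
    unsigned port = 0;
};

// reply:       one server line, e.g. "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
// controlPeer: dotted IPv4 address of the already-connected control channel peer
DataEndpoint pasvEndpoint(const std::string& reply, const std::string& controlPeer)
{
    DataEndpoint ep;
    if (reply.compare(0, 3, "227") != 0)
        return ep;
    // The tuple's position is not fixed, so look for the first digit after the code.
    std::string::size_type pos = reply.find_first_of("0123456789", 3);
    if (pos == std::string::npos)
        return ep;
    unsigned v[6];
    if (std::sscanf(reply.c_str() + pos, "%3u,%3u,%3u,%3u,%3u,%3u",
                    &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return ep;
    for (unsigned x : v)
        if (x > 255)
            return ep;
    ep.port = v[4] * 256 + v[5];
    if (ep.port == 0)
        return ep;
    std::string advertised = std::to_string(v[0]) + "." + std::to_string(v[1]) + "." +
                             std::to_string(v[2]) + "." + std::to_string(v[3]);
    // Keep the mismatch for logging, but never dial the advertised host.
    ep.hostMismatch = (advertised != controlPeer);
    ep.host = controlPeer;
    ep.valid = true;
    return ep;
}

int main()
{
    // Constructed sample reply; addresses come from private/documentation ranges.
    DataEndpoint a = pasvEndpoint("227 Entering Passive Mode (10,0,0,5,0,22)", "203.0.113.7");
    std::printf("%s:%u mismatch=%d\n", a.host.c_str(), a.port, a.hostMismatch);
    return 0;
}
```

A client that logs `hostMismatch` gets a detection signal for servers advertising third-party addresses, while the data connection itself stays pinned to the server the user chose.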

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-03-28 07:59:19 0000 -------
KDE please advise and bump as necessary. Note: I didn't check which packages
actually include this.

------- Comment #2 From Carsten Lohrke 2007-03-31 14:07:41 0000 -------
Actually this is "sort of" a dupe of bug 169529, just that one went completely
wrong, as it included only half of the fix and also only kdelibs-3.5.5 has been
addressed...

I'll commit a new 3.5.6 revision including some other patches as well, soon.


kdelibs-3.5.5-r10 needs to go stable. Arch teams, pretty please...

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-03-31 15:14:44 0000 -------
Thx Carlo.

------- Comment #4 From Raúl Porcel 2007-03-31 18:08:11 0000 -------
ia64 + x86 stable.

------- Comment #5 From Jeroen Roovers 2007-04-01 21:15:23 0000 -------
Stable for HPPA.

------- Comment #6 From Markus Rothe 2007-04-02 18:03:17 0000 -------
ppc64 stable

------- Comment #7 From Gustavo Zacarias (RETIRED) 2007-04-03 13:01:58 0000 -------
sparc stable.

------- Comment #8 From Tobias Scherbaum 2007-04-03 19:37:16 0000 -------
ppc stable

------- Comment #9 From Jose Luis Rivero (yoswink) 2007-04-05 09:21:55 0000 -------
alpha done

------- Comment #10 From Marcus D. Hanwell 2007-04-09 19:36:14 0000 -------
Stable on amd64.

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-04-11 10:06:53 0000 -------
This one is ready for GLSA decision. I tend to vote NO.

------- Comment #12 From Pierre-Yves Rofes 2007-04-11 10:17:42 0000 -------
voting no.

------- Comment #13 From Matthias Geerdsen 2007-04-12 15:23:01 0000 -------
voting no

------- Comment #14 From Sune Kloppenborg Jeppesen 2007-04-12 16:29:22 0000 -------
2+ NO votes -> Closing with NO GLSA. Feel free to reopen if you disagree.

------- Comment #15 From Sune Kloppenborg Jeppesen 2007-04-16 16:33:05 0000 -------
*** Bug 174812 has been marked as a duplicate of this bug. ***
