Bug 74725 - kde-base/kdebase Konqueror Java vulnerabilities
Summary: kde-base/kdebase Konqueror Java vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [preebuild] jaervosz 20/12/2004
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-16 23:25 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-12-27 08:52 UTC (History)
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-16 23:25:26 UTC
Opening a new bug as this is still confidential (public bug #72750).

This is a draft, the text of the advisory is still subject to change.

Fixes can already be found in the KDE_3_2_BRANCH, KDE_3_3_BRANCH and HEAD
branch of KDE CVS.


KDE Security Advisory: Konqueror Java Vulnerability
Original Release Date: 2004-12-20
URL: http://www.kde.org/info/security/advisory-20041220-1.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145
        http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

1. Systems affected:

        All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not
        affected.


2. Overview:

        The Konqueror web browser makes it possible to bypass the sandbox
        environment which is used to run Java-applets in. An untrusted applet
        can escalate privileges, through JavaScript calling into Java code,
        including reading and writing files with the privileges of the user
        running the applet.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-1145 to this issue.


3. Impact:

        When a user has Java and JavaScript enabled in Konqueror and visits
        a malicious website, the website can run a Java-applet with escalated
        privileges that can read and write files with the privileges of the
        user.


4. Solution:

        Upgrade to KDE 3.3.2

        A backport has been made available for older versions which fixes
        this vulnerability. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        For KDE 3.2.3 a backport of the new Java handling is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

  7fc001d010c640738ed7d2fe347f002d  post-3.2.3-kdelibs-khtml-java.tar.bz2


6. Time line and credits:

        24/11/2004 security@kde.org contacted by Heise
        29/11/2004 Fixed in KDE CVS by Koos Vriezen
        14/12/2004 Backport for KDE 3.2.3
        20/12/2004 KDE Advisory released
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-16 23:29:32 UTC
Caleb, please be ready to bump again.
Comment 3 Caleb Tennis (RETIRED) gentoo-dev 2004-12-18 05:55:39 UTC
I've got the patches and will be bumping just as soon as I get an opportunity to do so.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-20 06:31:14 UTC
Closing; the issue is now public and handled on the public bug #72750.