Summary: | kde-base/konqueror-3.5.9 HTML parser DOS (CVE-2008-{4514,5712}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED OBSOLETE | |
Severity: | minor | CC: | esigra
Priority: | Low | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | A4 [upstream] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 271889 | |
Bug Blocks: | | |

Description
Stefan Behte (RETIRED)
2008-10-10 13:28:56 UTC
http://www.milw0rm.com/exploits/6689

perl -e 'print "<html>\n" . "<font color=" . "A" x 500000 . "\n</html>"' > kdie.html

CVE-2008-5712 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5712): The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.

bugs 241112 239565 252686 are security bugs for konqueror-3.5

I plan to stabilize kde-3.5.10 really soon. We can't do anything for those bugs, because upstream development for kde3 has stopped (so even reporting those we won't have feedback) and of course we can't mask the default kde3 browser. I can search for possible patches in other distros, although I highly doubt I'll find any since most distros stopped supporting kde3.

Thanks. I have opened stabilization bug for kde 3.5.10, adding it in depend buglist

=konqueror-3* is now masked for removal

KDE 3 is not in tree any more. CC us again if you need anything. thanks

KDE 3.5 is long gone.
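
A defensive check for the vectors named in the two CVE descriptions above, as an added example that is not part of the original bug report: it scans HTML for the listed elements and flags color attributes longer than a limit, for use in a content filter in front of an unpatched browser. The 64-character limit and the names `find_oversized_colors`, `VECTORS` and `CONSTRUCTED_SAMPLE` are assumptions; the regex tag matching is a heuristic, not a full HTML parser.

```python
import re

# Element -> attributes, taken from the CVE text quoted in this bug.
VECTORS = {
    "font": {"color"},                    # CVE-2008-4514
    "hr": {"color"},                      # CVE-2008-5712 (1)
    "table": {"bgcolor", "bordercolor"},  # CVE-2008-5712 (2)
    "td": {"bgcolor", "bordercolor"},     # CVE-2008-5712 (3)
    "tr": {"bgcolor", "bordercolor"},     # CVE-2008-5712 (4)
}

# Assumption: legitimate color values ("#rrggbb", named colors) are far
# shorter than this; the bug report only says "long".
MAX_COLOR_LEN = 64

# Tolerates a start tag that is never closed with '>', as in the report.
# Heuristic: a '>' inside a quoted attribute value ends the tag early.
TAG_RE = re.compile(r"<(font|hr|table|td|tr)\b([^>]*)", re.I)
ATTR_RE = re.compile(
    r"(?<![\w-])(color|bgcolor|bordercolor)\s*=\s*"
    r"(\"[^\"]*\"|'[^']*'|[^\s>]*)",
    re.I,
)


def find_oversized_colors(html, limit=MAX_COLOR_LEN):
    """Return (element, attribute, value_length) for each overlong value."""
    findings = []
    for tag in TAG_RE.finditer(html):
        element = tag.group(1).lower()
        for attr in ATTR_RE.finditer(tag.group(2)):
            name = attr.group(1).lower()
            value = attr.group(2).strip("\"'")
            if name in VECTORS[element] and len(value) > limit:
                findings.append((element, name, len(value)))
    return findings


# Constructed sample with the same shape as the file written by the
# perl one-liner in the description.
CONSTRUCTED_SAMPLE = "<html>\n<font color=" + "A" * 500000 + "\n</html>"

if __name__ == "__main__":
    for element, name, length in find_oversized_colors(CONSTRUCTED_SAMPLE):
        print(f"<{element}> {name}: {length} characters")
```
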