KDE Security Advisory: KDE ioslave PASV port scanning vulnerability Original Release Date: 2007-03-26 URL: http://www.kde.org/info/security/advisory-20070326-1.txt 0. References CVE-2007-1564 1. Systems affected: KDE up to including KDE version 3.5.6. 2. Overview: The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. 3. Impact: Untrusted sites or sites that allow Javascript injection could cause Konqueror or other web browsers based on KHTML to perform port scanning. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KDE 3.5.x and newer is available from ftp://ftp.kde.org/pub/kde/security_patches : 62872147c2d369feb3d9077e9b32b03d CVE-2007-1564-kdelibs-3.5.6.diff Patch for KDE 3.4.x and newer is available from ftp://ftp.kde.org/pub/kde/security_patches : 13535c902a6b3223005adfc1fccdd32f CVE-2007-1564-kdelibs-3.4.3.diff
KDE please advise and bump as necessary. Note: I didn't check which package actually include this.
Actually this is "sort of" a dupe of bug 169529, just that one went completely wrong, as it included only half of the fix and also only kdelibs-3.5.5 has been adressed... I'll commit a new 3.5.6 revision including some other patches as well, soon. kdelibs-3.5.5-r10 needs to go stable. Arch teams, pretty please...
Thx Carlo.
ia64 + x86 stable.
Stable for HPPA.
ppc64 stable
sparc stable.
ppc stable
alpha done
Stable on amd64.
This one is ready for GLSA decision. I tend to vote NO.
voting no.
voting no
2+ NO votes -> Closing with NO GLSA. Feel free to reopen if you disagree.
*** Bug 174812 has been marked as a duplicate of this bug. ***