• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE Konqueror Cross-Domain Frame Loading Vulnerability

Solution:
Gentoo Linux has released advisory GLSA 200408-13 addressing this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge sync
emerge -pv ">=kde-base/kdebase-3.2.3-r1"
emerge ">=kde-base/kdebase-3.2.3-r1"
emerge -pv ">=kde-base/kdelibs-3.2.3-r1"
emerge ">=kde-base/kdelibs-3.2.3-r1"

KDE has released an advisory (20040811-3) to address this issue. Please see the referenced advisory for more information.

OpenBSD has included patches to fix this issue in OpenBSD-current as of 14 Aug 2004. These patches have not been included in 3.4 or 3.5 at the time of this update.

Mandrake Linux has released an advisory (MDKSA-2004:086) along with fixes to address this, and other issues. Please see the referenced advisory for further information.

RedHat has released advisories (FEDORA-2004-290, FEDORA-2004-291) to address various issues affecting KDE in Fedora Core 1 and Core 2. Please see the referenced advisories for more information.

Conectiva Linux has released advisory CLA-2004:864 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Red Hat has released an advisory (RHSA-2004:412-10) to address various issues affecting KDE in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.


KDE Konqueror 3.0.5 b

• KDE post-3.0.5b-kdebase-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdebase-htmlfra mes.patch


• KDE post-3.0.5b-kdelibs-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.0.5b-kdelibs-htmlfra mes.patch

KDE KDE 3.1.3

• Mandrake kdebase-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-common-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-3.1.3-35.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

KDE Konqueror 3.1.5

• KDE post-3.1.5-kdebase-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdebase-htmlfram es.patch


• KDE post-3.1.5-kdelibs-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.1.5-kdelibs-htmlfram es.patch

KDE KDE 3.2

• Mandrake kdebase-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-common-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-common-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kate-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kate-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-konsole-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-progs-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdebase-progs-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.2-36.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.2-36.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-3.2-36.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php

KDE Konqueror 3.2.3

• KDE post-3.2.3-kdebase-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlfram es.patch


• KDE post-3.2.3-kdelibs-htmlframes.patch
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlfram es.patch