• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE Konqueror Sub-Frames Script Execution Vulnerability

Solution:
The vendor has addressed this issue with kdelibs-3.0.3a. Users are advised to upgrade. Patches have also been made available.

MandrakeSoft has issued an advisory. Mandrake Linux 8.1 and 8.2 are vulnerable to this issue. Users are advised to download and install the appropriate RPMs. Further details may be found in the referenced advisory.

RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes are available in the referenced advisory.


KDE KDE 2.2.1

• SCO kdelibs2-2.2.1-6.1.i386.rpm
  3.1.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/R PMS/kdelibs2-2.2.1-6.1.i386.rpm


• SCO kdelibs2-2.2.1-6.1.i386.rpm
  3.1.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-04 7.0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm


• SCO kdelibs2-2.2.1-6.1.i386.rpm
  3.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPM S/kdelibs2-2.2.1-6.1.i386.rpm


• SCO kdelibs2-2.2.1-6.1.i386.rpm
  3.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047. 0/RPMS/kdelibs2-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-2.2.1-6.1.i386.rpm
  3.1.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/R PMS/kdelibs2-devel-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-2.2.1-6.1.i386.rpm
  3.1.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-04 7.0/RPMS/kdelibs2-devel-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-2.2.1-6.1.i386.rpm
  3.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047. 0/RPMS/kdelibs2-devel-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  3.1.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/R PMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  3.1.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-04 7.0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  3.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPM S/kdelibs2-devel-static-2.2.1-6.1.i386.rpm


• SCO kdelibs2-devel-static-2.2.1-6.1.i386.rpm
  3.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047. 0/RPMS/kdelibs2-devel-static-2.2.1-6.1.i386.rpm


• SCO kdelibs2-doc-2.2.1-6.1.i386.rpm
  3.1.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-047.0/R PMS/kdelibs2-doc-2.2.1-6.1.i386.rpm


• SCO kdelibs2-doc-2.2.1-6.1.i386.rpm
  3.1.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-04 7.0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm


• SCO kdelibs2-doc-2.2.1-6.1.i386.rpm
  3.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-047.0/RPM S/kdelibs2-doc-2.2.1-6.1.i386.rpm


• SCO kdelibs2-doc-2.2.1-6.1.i386.rpm
  3.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-047. 0/RPMS/kdelibs2-doc-2.2.1-6.1.i386.rpm

KDE KDE 2.2.2

• Debian kdelibs3_2.2.2-13.woody.3_alpha.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_alpha.deb


• Debian kdelibs3_2.2.2-13.woody.3_arm.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_arm.deb


• Debian kdelibs3_2.2.2-13.woody.3_hppa.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_hppa.deb


• Debian kdelibs3_2.2.2-13.woody.3_i386.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_i386.deb


• Debian kdelibs3_2.2.2-13.woody.3_ia64.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_ia64.deb


• Debian kdelibs3_2.2.2-13.woody.3_m68k.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_m68k.deb


• Debian kdelibs3_2.2.2-13.woody.3_mips.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_mips.deb


• Debian kdelibs3_2.2.2-13.woody.3_mipsel.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_mipsel.deb


• Debian kdelibs3_2.2.2-13.woody.3_powerpc.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_powerpc.deb


• Debian kdelibs3_2.2.2-13.woody.3_s390.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_s390.deb


• Debian kdelibs3_2.2.2-13.woody.3_sparc.deb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2- 13.woody.3_sparc.deb


• KDE post-2.2.2-kdelibs-khtml.diff
  ftp://ftp.kde.org/pub/kde/security_patches


• KDE kdelibs-3.0.3a.tar.bz2
  http://download.kde.org/stable/3.0.3


• MandrakeSoft arts-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft arts-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft arts-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft arts-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-devel-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-devel-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-devel-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-devel-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-sound-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-sound-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-sound-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-sound-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-static-devel-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft kdelibs-static-devel-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-devel-2.2.1-6.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-devel-2.2.1-6.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-devel-2.2.2-49.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft libarts2-devel-2.2.2-49.1mdk.ppc.rpm
  Mandrake Linux 8.2 ppc.
  http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.0

• KDE kdelibs-3.0.3a.tar.bz2
  http://download.kde.org/stable/3.0.3

KDE KDE 3.0.1

• KDE kdelibs-3.0.3a.tar.bz2
  http://download.kde.org/stable/3.0.3

KDE KDE 3.0.2

• KDE kdelibs-3.0.3a.tar.bz2
  http://download.kde.org/stable/3.0.3

KDE KDE 3.0.3

• Conectiva kdelibs-artsinterface-3.0.3-1U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-artsinterface-3.0.3 -1U80_2cl.i386.rpm


• Conectiva kdelibs-config-3.0.3-1U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-config-3.0.3-1U80_2 cl.i386.rpm


• Conectiva kdelibs-docbook-3.0.3-1U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-docbook-3.0.3-1U80_ 2cl.i386.rpm


• Conectiva kdelibs3-3.0.3-1U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-3.0.3-1U80_2cl.i38 6.rpm


• Conectiva kdelibs3-3.0.3-1U80_2cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdelibs3-3.0.3-1U80_2cl.sr c.rpm


• Conectiva kdelibs3-devel-3.0.3-1U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-devel-3.0.3-1U80_2 cl.i386.rpm


• KDE post-3.0.3-kdelibs-khtml.diff
  ftp://ftp.kde.org/pub/kde/security_patches


• KDE kdelibs-3.0.3a.tar.bz2
  http://download.kde.org/stable/3.0.3